NCUA board holds open meeting, receives briefings on cybersecurity and new charters

The National Credit Union Administration held its seventh open meeting of 2024 on October 24, during which they received briefs from three departments: the Office of Examination and Insurance, the Office of the Executive Director, and the Office of Credit Union Resources and Expansion.

Cyber incidents involving third parties a concern

The former two provided a report on cybersecurity and hacking economics, as well as a program briefing from the Information Security Examination program. Per the briefing, since the cyber incident notification went into effect in September 2023, credit unions have reported over one thousand reports, with nearly 70% stemming from the use or involvement of a third-party vendor. The rule requires federally insured credit unions to report cyber incidents within 72 hours of detection.

In the past, the NCUA has argued that it should have more direct oversight of CUSOs and other third parties as they relate to credit union operations, citing threats to credit union security. Said Chairman Todd Harper: “Far too often, we see that third-party service providers are a weak link in the financial system, a danger noted in the most recent Annual Report of the Financial Stability Oversight Council. And credit union third-party service providers are no exception.”

 

continue reading »