Man, that went fast didn’t it? It feels like 2017 just started yesterday, but I guess things are never “slow” when it comes to compliance. Now it is time to prepare for 2018, a year in which we will see new (and old) priorities from our regulator friends. NCUA recently published their supervisory priorities for 2018 and I wanted to take this time to give a brief recap of what they will be looking for this upcoming year.
It is not a surprise that cybersecurity is a top focus going into 2018. Data breaches dominated the headlines in 2017, and with the use of technology becoming more prominent in everything that we do, it makes sense that this is a top focus again this year. This year the NCUA will begin implementing the Automated Cybersecurity Examination Tool (ACET) which was designed to help improve and standardize the review process. The ACET aligns with the FFIEC Cybersecurity Assessment Tool, so I would highly recommend that you complete your own assessment based off this guidance. The NCUA does state that they will be using the ACET during exams for credit unions that have over $1 billion in assets. This will allow them to set a baseline for how this looks today, and then they can scale and redefine from there how it should look for smaller institutions.
continue reading »