On Compliance: Automated cyber examination tool-based exams in 2019 and 2020

What regulators are doing this year and what’s likely for next.

In 2018, the National Credit Union Administration rolled out its Automated Cyber Examination Tool examination, starting with credit unions over $1 billion in assets. This process has rolled over into 2019, and this article constitutes a summary of ideas about ACET-based exams for the current year.

NCUA will most likely will issue an update of its plans for 2020 in January. It is likely, though not certain, that the agency will continue along the same path it has been on this year.

ACET applies a modern, industry-wide approach to assessing the evolving landscape of technology and risks. The examination closely tracks the Federal Financial Institutions Examination Council Cybersecurity Assessment Tool, with one big exception: The ACET requests documentation in more than 65 categories to back up 530 statements (170 statements for baseline compliance). In comparison, the prior Gramm-Leach-Bliley Act-based assessment had 150 questions and requested fewer than 10 documents.


continue reading »