NCUA Board issues proposed rule on cyber incident reporting requirements
ALEXANDRIA, VA (July 21, 2022) — Through a live webcast, the National Credit Union Administration Board held its seventh open meeting of 2022 and unanimously approved two items:
- A notice of proposed rulemaking on cyber incident notification requirements.
- A final rule to adjust the asset thresholds for assigning supervision of covered consumer credit unions to the Office of National Examinations and Supervision (ONES).
In addition, the NCUA’s Chief Financial Officer briefed the Board on the agency’s mid-session budget.
Proposed Rule on Reportable Cyber Incidents Approved by Board
The NCUA Board approved a proposed rule(opens new window) that would require a federally insured credit union (FICU) to notify the NCUA as soon as possible but no later than 72 hours after they reasonably believe that a reportable cyber incident has occurred.
“NCUA Board approval for issuing the proposed rule before us today is a critical step to increasing cybersecurity awareness and protection within the financial system,” Chairman Todd M. Harper said. “Federally insured credit unions are not only the system’s first line of defense, but they are also the NCUA’s eyes and ears. When credit unions report these types of incidents, they may very well be helping to keep our nation secure from similar cyberattacks elsewhere.”
Under the proposed rule, a FICU would be required to report a cyber incident that leads to a substantial loss of confidentiality, integrity, or availability of a member information system as a result of the exposure of sensitive data, disruption of vital member services, or that has a serious impact on the safety and resiliency of operational systems and processes.
Comments on the proposed rule must be received no later than 60 days following publication in the Federal Register.
Board Approves Threshold for Determining the Appropriate Supervisory Office
The NCUA Board approved a final rule(opens new window) that amends the NCUA’s regulations to change the $10 billion asset threshold for assigning federally insured credit unions to the Office of National Examinations and Supervision (ONES).
“With the rapid balance sheet growth across the credit union system since the onset of the pandemic, especially for the largest of credit unions, recalibrating the threshold was always a question of when, not if,” Chairman Harper said. “Approval of the final rule is a significant acknowledgement of the industry’s ongoing maturation and the evolving role the NCUA plays in supervising and insuring our nation’s largest credit unions. This change provides for new development opportunities for examiners, providing a smoother transition for consumer credit unions that will eventually transfer to ONES’ supervision, and enhancing knowledge sharing and expertise between ONES and regional staff.”
Effective January 1, 2023, credit unions with assets between $10 billion and $15 billion will be supervised by their appropriate Regional Office. All credit unions above $10 billion in assets currently supervised by ONES will continue to be supervised by that office under the final rule. Credit unions that cross the $15 billion threshold will by supervised by ONES. The proposed rule does not alter any other regulatory requirements for credit unions covered under these regulations.
ONES began operations in 2013 and oversees the largest and most complex credit unions in the credit union system. It also supervises the corporate credit union system.
Briefing Provides Update on NCUA’s Mid-year Budget
The Chief Financial Officer reported(opens new window) the NCUA will have an estimated $18 million surplus in the Operating Fund at the end of the year due primarily to a surplus projection in pay and benefits and travel. The estimates for other budget categories are materially unchanged from the approved budget. The budget for the National Credit Union Share Insurance Fund administrative expenses is projected to have a surplus of approximately $0.6 million.
Said Chairman Harper, “A surplus is both a reflection of sound and prudent financial management and an opportunity to ask whether we can use these financial resources to address important short-term and long-term needs, as well as whether we can prudently return part of this surplus to credit unions. As a steward of the credit union system, the NCUA Board has a responsibility to wisely spend, save, invest, and refund these extra dollars. Credit union members are counting on us to exercise fiscal restraint.”
The Chief Financial Officer stated that no Board action to adjust the approved 2022 budget is needed.
The NCUA will continue to refine its estimates for other cost categories and will provide additional information about the agency’s budget and expenses on its website.
The NCUA tweets all open Board meetings live. Follow @TheNCUA(opens new window) on Twitter, and access Board Action Memorandums and NCUA rule changes at www.ncua.gov. The NCUA also live streams, archives and posts videos of open Board meetings online.
About National Credit Union Administration (NCUA)
The NCUA is the independent federal agency created by the U.S. Congress to regulate, charter and supervise federal credit unions. With the backing of the full faith and credit of the United States, the NCUA operates and manages the National Credit Union Share Insurance Fund, insuring the deposits of more than 124 million account holders in all federal credit unions and the overwhelming majority of state-chartered credit unions. The NCUA also protects consumers and educates the public on consumer protection and financial literacy issues.