What you need to know in 2022: InTREx-CU

As 2022 quickly approaches, credit unions are in for a significant change to their examination protocols. Back at the beginning of this year, the National Credit Union Administration (NCUA) ’s 2021 Supervisory Priorities revealed that “the agency has reprioritized away from performing facilitated Automated Cybersecurity Evaluation Toolbox cybersecurity maturity assessments, to piloting the Information Technology Risk Examination for Credit Unions (InTREx-CU). […] ACET will become a self-assessment resource for credit unions, supported by the NCUA.” This program spent most of 2021 as a pilot and will come as a slight shift from what credit unions are used to preparing for. This blog will explore how this transition directly impacts your credit union.

What is InTREx-CU?

InTREx-CU is an enhanced program that focuses on cybersecurity preparedness assessment and discloses more in-depth examination results through component ratings. This new program will aid credit unions with identifying gaps in security controls and encourage examination harmony across the financial sector. Both examiners and credit unions will be armored with the tools needed to identify potential high-risk areas in its security programs and address any deficiencies within the program. The transition in InTREx has been broken down into several different phases. Phase 1 involves a pilot that will focus on statements and questions, associate job aids, and examination procedures.


continue reading »