If you run a credit union with more than $250 million in assets, and you haven’t previously received a National Credit Union Administration IT security assessment, you’re on the list for this year, according to Credit Union National Association, an advocacy group.
CUNA says the government plans to spend 2019 assessing credit unions’ IT risk management and oversight of service provider arrangement. Examiners will be looking at how the institution, and particularly its board of directors, maintain oversight of cybersecurity issues.
CUNA recommends credit unions use the Cybersecurity Assessment Tool published by FFIEC to prepare for NCUA’s Automated Cybersecurity Examination Toolbox. The president or managing official also must certify compliance with Part 748’s requirements in its Credit Union Profile annually through NCUA’s online information management system
The examinations are tied to NCUA Part 748, including Appendixes A and B.
You can read more about this at the CUNA site.
Meanwhile, if you need help with the FFIEC tool, contact us!