The National Association of Federally-Insured Credit Unions (NAFCU) commented last week on a report released by the National Credit Union Administration (NCUA) on cybersecurity.
The NCUA’s report, the annual Cybersecurity & Credit Union System Resilience Report, said, among other things, that the lack of third-party vendor authority has frustrated its ability to manage cyber-related risk.
NAFCU officials stated last week that the organization is opposed to granting the NCUA additional third-party vendor authority. The association has argued that “[t]he NCUA has not explained in sufficient detail the need for such authority, as these vendors are already examined by other regulators.”
Of particular note, the NCUA report dives into its recent implementation of the revamped Information Security Examination (ISE) program, compliance with cybersecurity rules for federal agencies under the Federal Information Security Modernization Act and highlights technical resources such as grant programs and webinars.
Additionally, the NCUA report describes current and emerging threats such as events related to geopolitical tensions, ransomware, supply chain risk, and third-party risk.
NAFCU officials added that they support a regulatory framework that grants credit unions appropriate discretion and flexibility to evaluate risks and keep members safe.
NAFCU is a direct membership association for federally-insured credit unions. Its mission is to strengthen credit unions by providing the best federal advocacy, education, and compliance assistance in the industry.