The NCUA Board approved a proposed rule that would require a federally insured credit union (FICU) to notify the NCUA as soon as possible but no later than 72 hours after they reasonably believe that a reportable cyber incident has occurred.
Under the proposed rule, a FICU would be required to report a cyber incident that leads to a substantial loss of confidentiality, integrity, or availability of a member information system as a result of the exposure of sensitive data, disruption of vital member services, or that has a serious impact on the safety and resiliency of operational systems and processes.
The NCUA Board approved a final rule that amends the NCUA’s regulations to change the $10 billion asset threshold for assigning federally insured credit unions to the Office of National Examinations and Supervision (ONES).
Effective Jan. 1, 2023, credit unions with assets between $10 billion and $15 billion will be supervised by their appropriate regional office. All credit unions above $10 billion in assets currently supervised by ONES will continue to be supervised by that office under the final rule. Credit unions that cross the $15 billion threshold will by supervised by ONES. The proposed rule does not alter any other regulatory requirements for credit unions covered under these regulations.
For the full article, please visit NCUA.
Sign up to the receive the weekly InfoSight eNewsletter email. Existing subscribers can manage their subscription.
Cornerstone members have access to a wide variety of compliance assistance.
Now available on Spotify and Apple Podcasts.