NCUA Board Issues Proposed Rule on Cyber Incide

Proposed Rule on Reportable Cyber Incidents Approved by Board

The NCUA Board approved a proposed rule that would require a federally insured credit union (FICU) to notify the NCUA as soon as possible but no later than 72 hours after they reasonably believe that a reportable cyber incident has occurred.

Under the proposed rule, a FICU would be required to report a cyber incident that leads to a substantial loss of confidentiality, integrity, or availability of a member information system as a result of the exposure of sensitive data, disruption of vital member services, or that has a serious impact on the safety and resiliency of operational systems and processes.

Board Approves Threshold for Determining the Appropriate Supervisory Office

The NCUA Board approved a final rule that amends the NCUA’s regulations to change the $10 billion asset threshold for assigning federally insured credit unions to the Office of National Examinations and Supervision (ONES).

Effective Jan. 1, 2023, credit unions with assets between $10 billion and $15 billion will be supervised by their appropriate regional office. All credit unions above $10 billion in assets currently supervised by ONES will continue to be supervised by that office under the final rule. Credit unions that cross the $15 billion threshold will by supervised by ONES. The proposed rule does not alter any other regulatory requirements for credit unions covered under these regulations.

For the full article, please visit NCUA.