NCUA board approves risk appetite statement; briefed on Central Liquidity Facility and cybersecurity

The National Credit Union Administration Board held its ninth open meeting—and second in person—of 2022 and approved the agency’s Enterprise Risk Appetite Statement, which helps the agency align risks and opportunities when making decisions and allocating resources to achieve the agency’s strategic goals and objectives.

The NCUA Board was also briefed on the state of the Central Liquidity Facility (CLF) and cybersecurity trends affecting federally insured credit unions and the broader financial system.

Board approves new Enterprise Risk Appetite statement

The NCUA board unanimously approved the NCUA’s new enterprise risk appetite statement prepared by the agency’s Enterprise Risk Management Council. The statement is a management tool that provides guidance from agency leadership to managers and staff on the amount of risk the NCUA is willing to undertake in pursuit of its objectives.

Briefing highlights Central Liquidity Fund’s status for 3rd quarter

The Central Liquidity Facility president briefed the NCUA board on the status of the Central Liquidity Fund as of Sept. 30, 2022. The briefing covered liquidity and contingency funding plans, liquidity sources and needs, CLF advances, and membership requirements. The CLF president also discussed enhancements to the CLF’s processes and structures to ensure it can serve as an effective liquidity backstop for the credit union system, should the need arise.

Cybersecurity threats continue, NCUA launches ISE program at year-end

Ransomware, cloud migration, and distributed denial-of-service attacks are contributing to a dynamic threat landscape that creates evolving risks for federally insured credit unions, according to a briefing, provided to the NCUA board by the agency’s Critical Infrastructure Division. Additionally, rising geopolitical tensions continue to increase the potential for cyberattacks on the financial system and other parts of the nation’s critical infrastructure.

The briefing also outlined good cyber hygiene practices, summarized the NCUA’s proposed cyber incident reporting rule, and provided an update on the NCUA’s Information Security Examination (ISE) Program. This new examination program offers flexibility for credit unions of all asset sizes and complexity levels while providing examiners with standardized review steps to facilitate advanced data collection and analysis. These new examination procedures will assist the credit union system in preparing for, withstanding, and recovering from cybersecurity threats. The ISE examination procedures will be deployed at the end of 2022.

For more information on these updates, visit NCUA.