Helping credit unions stay in compliance with NCUA requirements by training and testing your key personnel on member security-related requirements.

Attention members of the National Credit Union Administration (NCUA):

Are you aware of the compliance requirements for training and testing your security plan?

Here's WHY it matters:

"The FBI (Federal Bureau of Investigation), along with CISA (Cybersecurity and Infrastructure Security Agency), and the NSA (National Security Agency) encourage credit unions of all sizes and their cybersecurity teams nationwide to adopt a heightened state of awareness and to conduct proactive threat hunting.

In addition, COVID-related supply chain disruptions may require management to reevaluate previously held assumptions for business continuity and disaster recovery plans." - NCUA News Brief, 2022

Here's WHAT you need to KNOW:

Code of Federal Regulations (CFR) Title 12 Chapter VII Subchapter A Part 748; Guidelines for Safeguarding Member Information;

Appendix A; Paragraph III.C.2.; Training

“... a credit union’s information security program should include a training component designed to train employees to recognize, respond to, and report unauthorized attempts to obtain member information.”
“ … the final guidelines amend the provision governing training to state that a credit union’s information security program should include a training component designed to implement the credit union’s information security policies and procedures. The NCUA believes that the appropriate focus for the training should be on compliance with the credit union’s security program generally and not just on the limited aspects identified in proposed III.C.2.”

Appendix A; Paragraph III.C.3.; Testing

“An information security program should include regular testing of key controls, systems, and procedures. The proposal provided that the frequency and nature of the testing should be determined by the risk assessment and adjusted as necessary to reflect changes in both internal and external conditions. The proposal also provided that the tests are to be conducted, where appropriate, by independent third parties or staff independent of those that develop or maintain the security program.”

Read the full federal regulation here.

What is the NCUA?

The National Credit Union Administration or NCUA is an independent agency of the U.S. Government (Office of Consumer Financial Protection).

The NCUA regulates, charters, and insures the nation’s federal credit unions.
In addition, the NCUA insures state-chartered credit unions that seek and qualify for federal insurance.
In most states, state law requires state chartered credit unions to be federally insured.
Learn more about the NCUA here.

Here's WHAT you need to DO:

Review your organization's security plans to ensure compliance with federal regulations and industry best practices.
If there are concerns or if you're deficient in any area, contact TEAM Solutions or another trusted adviser to assist in strengthening your credit union's preparedness for and resilience to today's threats.

Here's HOW to get HELP:

TEAM Solutions understands the unique requirements for operating in a regulated credit union environment.

In addition to advising the C-Suite (Directors and Executives) on considerations for navigating the strategic impacts of a threat (including cyber threats), we have facilitated numerous workshops and exercises to strengthen the operational resilience of the credit union organization.
Contact us below to see how we can help you and your team with a customized training and exercise program.

Stay compliant and join other financial institutions who are building the capability to prepare for, respond to, and recover from a 21st century cyber threat.

Connect with us confidentially to see if we are a good fit for you.

Cyber Response Training for Financial Institutions