ALEXANDRIA, Va. — Calling this moment in time financial services' "Uber moment," the National Credit Union Administration said the combination of technological innovation, expansion of social media and growing interconnectivity are giving regulators pause about credit unions' cybersecurity efforts.
During a public briefing at Thursday's NCUA Board meeting, representatives of the agency's Office of Examination and Insurance said the changing landscape of cybersecurity carries "more sophisticated" risks and more numerous vulnerabilities for community-based financial institutions, including credit unions.
"Cyber criminals and cyber terrorists are increasingly using innovative online services, new ways to transmit financial information and off-the-shelf toolkits to invade computer networks, snatch personal information and steal money," Rick Metsger, NCUA board chairman, said in a statement. "Credit unions, therefore, must evolve to stay a step ahead of the hackers and thieves knocking on their doors."
To help credit unions, Metsger said NCUA has made cybersecurity a "supervisory priority" since 2013, "and we have conducted extensive training for our examiners along with considerable outreach to credit unions in this area. We will continue to provide these services in the future."
NCUA noted investors poured more than $19 billion into financial technology companies in 2015, spurring payment, lending, banking and wealth management innovations that may replace current service models. The regulator said this type of disruption will, in turn, force rapid adjustments by financial institutions and regulators to their security strategies, including their ability to detect, prevent or recover from cyberattacks.
"With cybersecurity now an integral part of the credit union business model, NCUA will continue to refine its approach to supervision in this area to strengthen the system's resilience to attacks," NCUA said.
The agency maintains a
NCUA said it and its partners in the Federal Financial Institutions Examination Council, an interagency body that promotes uniformity in the supervision of financial institutions, have worked to help financial institutions develop better cybersecurity processes and policies. The council offers services at no charge that include outreach and industry education.
Last year, the council introduced its
Stabilization Fund Continues Positive Net Position
The second agenda item was a briefing on the performance of the Temporary Corporate Credit Union Stabilization Fund, which reportedly "performed well" in the first half of 2016.
For the quarter ending June 30, 2016, the Temporary Corporate Credit Union Stabilization Fund's net position increased from $618.6 million to more than $1 billion, NCUA reported Thursday.
NCUA's chief financial officer briefed the board on the performance of the Stabilization Fund, based on the best available preliminary and unaudited information.
The regulator said the change in the Stabilization Fund's net position resulted primarily from legal recoveries and improvements in projected cash flows relating to the legacy assets that secure the NCUA Guaranteed Notes Program.
A $419.3 million reduction to insurance loss expense and $8.2 million from guarantee fees contributed to the Stabilization Fund's $425.7 net income for the second quarter, NCUA said.
A $700 million payment from available cash to the U.S. Treasury in May decreased outstanding Treasury borrowings to $1 billion during the second quarter from $1.7 billion in the first quarter.
While the Stabilization Fund continues to have a positive net position for 2016, the regulator repeated its oft-repeated statement that "no funds are available to provide federally insured credit unions with an immediate rebate."
"NCUA must first repay the $1 billion in outstanding Treasury borrowings. Future changes in the economy or the performance of the legacy assets securing the NCUA Guaranteed Notes are likely to change the value of the assets the agency and the Stabilization Fund can eventually access at the end of the NCUA Guaranteed Notes Program," the regulator said.
Based on current projections, NCUA said it expects no future Stabilization Fund assessments to credit unions.
Trade Associations React Positively
Immediately following the NCUA board meeting, Carrie Hunt, executive vice president of government affairs and general counsel for the National Association of Federal Credit Unions, said NAFCU "appreciates" the board's discussion of credit union cybersecurity.
"With the agency's recently adopted use of the Federal Financial Institutions Examination Council's Cybersecurity Assessment Tool during credit union exams, we are gratified the agency has heeded our concerns and plans to keep the use of the tool voluntary for credit unions."
"Regarding the stabilization fund, NAFCU and our member credit unions are pleased that no future assessments on credit unions are likely. We welcome NCUA's persistence in securing recoveries from Wall Street firms that sold faulty securities that led to the downfall of five corporate credit unions," Hunt said. "We support the agency's continued efforts in this regard and continue to press for full transparency on the recovery process and any forthcoming rebates to credit unions."
Elizabeth Eurgubian, CUNA's deputy chief advocacy officer, said, "We encourage NCUA to be as transparent as possible while finalizing the exam standards so that credit unions can have certainty with what to expect. We are pleased the NCUA continues to view the cybersecurity assessment tool as voluntary, and hope the agency continues working to reduce the examination burden on credit unions."
