ALEXANDRIA, Va. With the explosive growth in mobile banking, NCUA is cautioning CUs not to expand e-banking services without also implementing strong plans to manage risk in this area.
Tim Segerson, NCUA’s deputy director for examination and insurance, told CUs via a webinar the agency will be focusing closely on e-banking policies and procedures in exams starting the second half of the year.
Segerson said what is stepping up NCUA’s interest in e-services risk is the almost unparalleled growth in mobile. “We need to focus on e-banking because it is growing fast and can present sizeable losses in a short period of time.”
The deputy director said CUs can expect examiners to spend time at the CU identifying key e-services risk areas, including looking at architecture and personnel.
“This is an evolving area and not one the credit union can set and forget,” cautioned Segerson, who said examiners will be paying attention to security controls being commensurate with the credit union’s size and scale. “They will expect to see you have thought out your risk control processes, worked with vendors or internally to establish appropriate levels of controls around your menu of e-services. They will look for mitigation and escalation procedures.”
Examiners will receive new training around e-services risk shortly, added Segerson. He said after training is completed, NCUA will release to CUs the questionnaire and work program from the training so credit unions can “better understand what examiners will be looking for.”
