NCUA Board briefed on cybersecurity events, prompt corrective action rule

At its Thursday meeting via live audio webcast, the NCUA Board did not vote on any items, but was briefed on two matters:

  • current cybersecurity events and trends affecting federally insured credit unions and the broader financial system; and
  • an interim final rule that temporarily modifies two areas of NCUA’s prompt corrective action regulations.

During the meeting, Rodney Hood, former NCUA chairman, reportedly commented that Thursday’s agenda was “extremely light,” according to CUTODAY. “I hope we can work together in a bipartisan fashion in the months ahead to have board agendas that are much more robust,” CUTODAY reported Hood saying. “The credit union community and this board deserve it.”

Evolving cyberthreats
Citing increased cybersecurity vulnerabilities for federally insured credit unions and other financial servicers due to the COVID-19 pandemic, the board was briefed on the top threats facing the industry, which include ransomware, malware and phishing attacks, identity theft, denial of service, ATM skimming, pandemic-themed attacks and supply chain attacks.

Particularly, supply chain risk is a significant threat to financial services because of the layered dependencies that exist in a complex, multi-service provider environment found in the financial services sector, according to the briefing.

The NCUA is encouraging credit union boards of directors to use previously issued advisories to review their relationships, assess and mitigate risk as it relates to their specific supply chain and continue to strengthen their institution’s cyber vigilance and preparedness efforts.

Todd M. Harper, NCUA chairman, also encouraged eligible low-income credit unions to apply for up to $7,000 in funding to strengthen their cyber defenses as part of the agency’s Community Development Revolving Loan Fund grant initiative. The application period runs May 3 through June 26, and additional information about is available on the NCUA website.

Cyber information for credit unions, including regulations and guidance, along with information about protecting themselves and their members from cyber threats is available on the NCUA’s cybersecurity resources webpage.

Prompt corrective action relief
The board was also briefed on the interim final rule approved on April 16 that temporarily modifies certain regulatory requirements to help ensure federally insured credit unions remain operational and able to provide needed financial services during the COVID-19 pandemic.

Specifically, the interim final rule makes two temporary changes to the NCUA’s prompt corrective action regulations:

  • The first change temporarily reduces the earnings retention requirement for federally insured credit unions classified as adequately capitalized.
  • The second change temporarily permits an undercapitalized credit union to submit a streamlined net worth restoration plan if it becomes undercapitalized predominantly because of share growth. If a credit union becomes less than adequately capitalized for reasons other than share growth, it must still submit a net worth restoration plan under the current requirements in NCUA’s regulations.

“Given the ongoing uncertainty associated with the pandemic and continued elevated levels of insured share growth resulting from the third stimulus package, many well-run credit unions with positive earnings could continue to experience falling net worth ratios this year despite being well managed and fundamentally safe and sound,” Harper said. “As a result of this change, eligible credit unions will be able to focus their limited resources on serving their members’ needs — especially those of modest means and those disproportionately affected by the pandemic — instead of planning for earnings transfers and developing detailed net worth restoration plans.”

Additional details about Thursday’s meeting can be accessed on the NCUA website. The next NCUA board meeting is at 10 a.m. on May 20, and can be livestreamed at

Leave a Reply