WASHINGTON—NCUA’s proposed rule establishing a 72-hour period for credit unions to provide notice of a reportable cyber incident would likely add more administrative burden to credit unions, NAFCU is saying.
NAFCU wrote to the NCUA to offer its recommendations on NCUA’s proposed rule.
In the letter, NAFCU Senior Counsel for Research and Policy Andrew Morris provided nine recommendations it said would ease the burden of this rule, including:
- Recognize a compliance safe harbor for a credit union that makes good faith efforts to perform a reasonable assessment of a cyber incident
- Clarify core terminology
- Streamline communication with supervisory teams
- Clarify the relationship between overlapping reporting standards
- Avoid conflict with current and future cyber incident reporting requirements
- Recognize a credit union has the final say to report any third-party cyber incident
- Calibrate reporting thresholds to avoid requiring a credit union to report incidents that happen outside the credit union’s domain
- Ensure proper coordination exists with other federal regulators
- Clearly state that any cyber incident notifications given to the NCUA are confidential
- Reducing Overlap
‘Improve Resilience’
NAFCU said it believes these recommendations would improve clarity and reduce overlap if the NCUA decides to proceed with a final rule. The association added that it also requests the agency use the information it collects from credit unions to “improve the security and resilience of the industry,” as well as hold more cybersecurity briefings for credit unions.
The Very Best in CU Reporting. For You. For Free. Or Your Money Back
Don’t forget to check your Spam/Junk email folder if you haven’t been receiving your free, popular and daily CUToday.info news headlines.
And if you haven’t yet signed up for the new email solution on which CUToday.info has partnered with ResponseGenius, you can do so here. Signing up requires less than one minute of your time.
CUToday.info has received very positive response from readers following the move to an improved provider of the daily headlines, but many also noted they did need to go to their Spam/Junk folder and mark it as safe.
The new email solution has not only improved every reader’s delivery experience, but it also features a fresh, new format that is easy to read, especially on mobile devices.
Please note and/or make your IT department or email administrator aware the emails will be coming from the domains CUTodayinfo.com and CUTodayinfoReply.com.