ARLINGTON, Va.–NAFCU has sent a letter to the Federal Financial Institutions Examination Council (FFIEC) member agencies regarding the proposed collection of information required under the FFIEC Cybersecurity Assessment Tool (Assessment) urging it to keep compliance voluntary.
That tool can be utilized by individual credit unions of all asset sizes to identify their individual risks and assess their cybersecurity preparedness.
The letter, from NAFCU Regulatory Affairs Counsel Kavitha Subramanian called on NCUA to not make the cybersecurity tool a regulatory requirement.
"Cybersecurity poses a unique threat to individual institutions since it requires management discretion about the credit union’s risk appetite and cyber maturity. As such, cybersecurity is not an issue that can be solved with more regulatory red tape," wrote Subramanian. “Instead, emerging cyber risks must be addressed by adopting solutions that are scalable and nimble enough to be used both on an institution-level and industry-wide basis to identify and respond to the ever-changing threat landscape.”