Newsroom

January 31, 2019

NAFCU, Treasury meet on CU cybersecurity priorities

cybersecurity NAFCU's Carrie Hunt and Andrew Morris will meet with the Treasury Department today to discuss cybersecurity initiatives and share credit unions' perspective on the issue, including institutions' efforts to bolster their cybersecurity, regulatory challenges and tools and resources used for compliance.

Hunt, NAFCU's executive vice president of government affairs and general counsel, and Morris, NAFCU's senior counsel for research and policy, will meet with Brian Peretti, director of Treasury's Office of Critical Infrastructure Protection (OCIP) and Compliance Policy.

NAFCU – a leading advocate for national data security standards – continues to push for the adoption of data and cybersecurity standards for all entities that hold consumers' information. The association's October Economic & CU Monitor survey detailed the impact of costs of cybersecurity risk on credit unions, particularly from merchants. More than four-fifths of credit union respondents reported that they were impacted by a local merchant breach within the past two years.

Under current law, financial institutions, including credit unions, are governed by the Gramm-Leach-Bliley Act. NAFCU has been advocating for the creation of a national data security law, which would hold merchants and other entities to standards similar to those currently upheld by financial institutions. Last year, this sentiment was echoed by the Treasury Department as they formally recommended that Congress enact a federal data security and breach notification law.

Both the House Financial Services Committee and Senate Banking Committee have noted data security legislation as a priority for the 116th Congress to ensure consumers are protected. The NCUA also has identified using its Automated Cybersecurity Examination Tool (ACET) to evaluate credit unions' cybersecurity risk as an examination priority.

NAFCU will also discuss the changing landscape of credit union cybersecurity exams. The October Monitor revealed that the portion of credit unions' NCUA exams dedicated to cybersecurity substantially increased from 2017 to 2018. NAFCU has encouraged the NCUA to strengthen cybersecurity efforts while also providing flexibility for credit unions to adopt controls that fit their needs.

The meeting will also cover resources from the OCIP for technical assistance for credit unions.