Newsroom

February 10, 2023

NCUA Board set to issue final cyber incident reporting rule

NCUA headquartersThe NCUA Board meets next week and is set to finalize the rule related to cyber incident notification requirements. NAFCU offered recommendations on the proposed rule to improve clarity and reduce regulatory overlap.

The proposed rule would establish a 72-hour period for federal credit unions to provide notice to the NCUA of a reportable cyber incident. NAFCU had flagged an increased administrative burden with this time requirement, and outlined nine recommendations to help reduce the rule’s burden.

The association also requested the agency use the information it collects from credit unions to “improve the security and resilience of the industry,” as well as hold more cybersecurity briefings for credit unions.

In addition, the board during the meeting will consider a proposed rule related to chartering and field of membership. The agency’s fall rulemaking agenda – released earlier this year – indicated this is an effort to remove outdated requirements, simplify the charter approval process, and clarify regulatory language. NAFCU has long advocated for field of membership reforms to allow credit unions to serve more members, especially in underserved communities.

The board will also receive a quarterly update on the Share Insurance Fund. The meeting, set to begin at 10 a.m. Eastern, will be livestreamed on the agency’s website. NAFCU will provide members with updates after it concludes.