Newsroom
ECU Monitor explores NCUA’s InTREX-CU exam
NAFCU's latest Economic & CU Monitor – now available for download – examines NCUA cybersecurity examination trends, which was a major focus for the agency during Cybersecurity Awareness Month this past October.
During the NCUA’s October board meeting, the agency highlighted its work on cyber-related resources and other supervisory tools. Of note, the Board discussed its InTREX-CU exam, modeled after cybersecurity examination procedures adopted by other federal regulators. The agency has piloted the exam program for 18 months and expects updates within the next year, with a final rollout scheduled for Sept. 2022.
Through last month’s survey, credit unions shared their feedback on cybersecurity exams and proposed legislation addressing ransomware attacks. Responses found that, given the NCUA’s continued prioritization of cybersecurity as a supervisory concern, “it is not surprising that the portion of exams and the document requests related to this topic have each grown in recent years.”
The survey also revealed that the share of respondents with a dedicated chief information officer grew from 35 percent in 2019 to 56 percent in 2021.
While 43 percent of respondents saw the InTREX-CU exam as “more burdensome overall” relative to previous cyber exams, 29 percent considered it “less burdensome”. When asked how they benchmarked cybersecurity capabilities and gaps when not using the NCUA’s Automated Cybersecurity Examination Toolbox (ACET), credit unions offered alternatives including IT audits, NIST Cybersecurity Framework, PCI standards, as well as a few other options. Based on a comparison of ACET scores reported in 2019, the results suggested that “the overall level of cybersecurity maturity is improving as measured by the highest maturity level sustained across all five domains in the assessment.”
Of note, respondents shared their take on cybersecurity legislation aimed at improving cyber incident reporting across economic sectors, to which the group shared a general desire (93 percent) for consistency with NCUA regulations.
NAFCU relies on survey responses to provide its members a glimpse of trends affecting the credit union industry as a whole and inform the association’s advocacy efforts. This month, credit unions are encouraged to provide insights on regulatory and legislative hot topics. The deadline for participation is Dec. 8.
For more on NAFCU's award-winning research team, check out the association's Macro Data Flash reports for insights into interest rates, auto sales, home market.