New Technologies Mean New Risks and New Cybersecurity Demands

The financial services sector is experiencing an “Uber moment,” experts with NCUA’s Office of Examination and Insurance told the NCUA Board during its September meeting, and technological innovation, the expansion of social networking and growing interconnectivity are fueling fundamental change in cybersecurity procedures and processes.

That change carries with it more sophisticated risks and more numerous vulnerabilities for community-based financial institutions like credit unions. Potential effects on credit unions include higher mitigation costs and lower consumer confidence, as well as greater financial and legal risks.

“Cyber criminals and cyber terrorists are increasingly using innovative online services, new ways to transmit financial information and off-the-shelf toolkits to invade computer networks, snatch personal information and steal money,” NCUA Board Chairman Rick Metsger said. “Credit unions, therefore, must evolve to stay a step ahead of the hackers and thieves knocking on their doors. To help credit unions, NCUA has made cybersecurity a supervisory priority since 2013, and we have conducted extensive training for our examiners along with considerable outreach to credit unions in this area. We will continue to provide these services in the future.”

Investors poured more than $19 billion into financial technology companies in 2015, spurring payment, lending, banking and wealth management innovations that may replace current service models. That kind of disruption will, in turn, force rapid adjustments by financial institutions and regulators to their security strategies, including their ability to detect, prevent or recover from cyberattacks.

With cybersecurity now an integral part of the credit union business model, NCUA will continue to refine our approach to supervision in this area to strengthen the system’s resilience to attacks. The agency maintains a cybersecurity resources webpage that offers extensive, detailed information on cybersecurity matters. Credit unions are encouraged to use this resource.

NCUA and its partners in the Federal Financial Institutions Examination Council, an interagency body that promotes uniformity in the supervision of financial institutions, have worked to help financial institutions develop better cybersecurity processes and policies. The council offers services at no charge that include outreach and education.

Last year, the council introduced its cybersecurity assessment tool to help credit unions and other institutions determine how prepared they are to address cybersecurity risks. NCUA is developing a new cybersecurity component to our examination process that embodies the comprehensive risk-management approach of the cybersecurity assessment tool.