MERIT Frequently Asked Questions

General Questions

What Is MERIT?

The Modern Examination and Risk Identification Tool (MERIT) is NCUA’s modernized examination tool replacing AIRES. NCUA is piloting MERIT with a limited number of NCUA staff, state supervisory authorities, and credit unions.

Close and return to top

How Can Credit Unions Use MERIT to Interact with Examiners?

Beyond providing a better tool to examiners, our objectives include implementing more efficient and secure ways to interact with credit unions during the examination process.  To that end, our requirements for the new examination solution included ways for credit unions to securely send documents and data files to examiners, retrieve examination reports, and respond to examination findings through MERIT.  Additional information about MERIT will be available once the pilot is complete.

Close and return to top

Do Examiners have access to the document request survey before it is submitted and complete?

How do I Obtain Access to MERIT?

Once the pilot is complete and the NCUA Connect administrator for your organization grants access to NCUA Connect, users will receive an email notification to set up their NCUA Connect account.  Once complete, users will have access to MERIT.  

Close and return to top

What Are NCUA’s Information Security Requirements?

The NCUA exercises great care in protecting sensitive information such as personally identifiable information and its information systems. As a federal agency, the NCUA must comply with security standards for federal information and information systems.  All systems operated by the NCUA must meet the minimum information security requirements established by the National Institute of Standards and Technology. In addition to NIST standards and guidelines, the NCUA is subject to federal statutes such as the Federal Information Security Modernization Act of 2014, the E-Government Act of 2002, the Privacy Act of 1974 and various OMB policies and guidance concerning federal information management, FISMA reporting, and privacy. 

The NCUA uses administrative, technical, and physical controls, including but not limited to: assessment and authorization of information systems; proactive threat assessments and continuous monitoring; and annual general and role-based security training for employees and contractors.  

The Office of the Inspector General conducts independent audits, investigations and other activities to verify the NCUA’s compliance with applicable standards, laws and regulations related to privacy and information security. The derived reports are used to keep the NCUA Board and U.S. Congress informed of any deviation from requirements.

Close and return to top
Last modified on