1. What Is MERIT?
The Modern Examination and Risk Identification Tool (MERIT) is NCUA’s modernized examination tool replacing AIRES. NCUA is piloting MERIT with a limited number of NCUA staff, state supervisory authorities, and credit unions in 2019. We are planning to make the portal available to all credit unions and state regulators in 2020.
2. How Can Credit Unions Use MERIT to Interact with Examiners?
Beyond providing a better tool to examiners, our objectives include implementing more efficient and secure ways to interact with credit unions during the examination process. To that end, our requirements for the new examination solution included ways for credit unions to securely send documents and data files to examiners, retrieve examination reports, and respond to examination findings through MERIT. Additional information about MERIT will be available once the pilot is complete.
3. Do Examiners have Access to the Document Request Survey Before it is Submitted and Complete?
4. How do I Get Access to MERIT?
Once the 2019 pilot is complete and the NCUA Connect administrator for your organization grants access to NCUA Connect, users will request access to MERIT through the NCUA Connect “Add Apps” function. Additional information will be made available once the pilot is complete.
5. What Are NCUA’s Information Security Requirements?
The NCUA exercises great care in protecting sensitive information such as personally identifiable information and its information systems. As a federal agency, the NCUA must comply with security standards for federal information and information systems. All systems operated by the NCUA must meet the minimum information security requirements established by the National Institute of Standards and Technology. In addition to NIST standards and guidelines, the NCUA is subject to federal statutes such as the Federal Information Security Modernization Act of 2014, the E-Government Act of 2002, the Privacy Act of 1974 and various OMB policies and guidance concerning federal information management, FISMA reporting, and privacy.
The NCUA uses administrative, technical, and physical controls, including but not limited to: assessment and authorization of information systems; proactive threat assessments and continuous monitoring; and annual general and role-based security training for employees and contractors.
The Office of the Inspector General conducts independent audits, investigations and other activities to verify the NCUA’s compliance with applicable standards, laws and regulations related to privacy and information security. The derived reports are used to keep the NCUA Board and U.S. Congress informed of any deviation from requirements.