NCUA Reviews of EDP Vendors

91-CU-122 / February 1991
NCUA Reviews of EDP Vendors
To
Board of Directors of the Federally Insured Credit Union
Subject
Cybersecurity
Status
Active
To
Board of Directors of the Federally Insured Credit Union
Subj
NCUA Reviews of EDP Vendors

INFORMATION PROCESSING ISSUES

For your reference, I am enclosing three papers, one from the National Credit Union Administration (NCUA) and two from the Federal Financial Institutions Examination Council (FFIEC), which outline issues related to the automated processing of credit union information.

Many credit unions use information system service bureaus for their data processing needs. There is the potential for certain risks to all financial institutions that contract out for these services. The first paper explains NCUA's program to examine and assess the safety and soundness of organizations that provide data processing services to federally insured credit unions. These reviews will bring NCUA in line with the other federal financial institution regulators that have been per-forming these types of examinations for many years.

On a related issue, the second paper alerts management to specific risks and accounting problems that have been identified in some federally insured financial institutions using data processing services from outside vendors.

NCUA continues to stress the importance of strategic planning in all areas of credit union operations. As such, I am releasing the third paper, addressing the issue of strategic information systems planning as part of the overall planning process for your institution.

For the National Credit Union Administration Board

Roger W. Jepsen

Chairman