The National Credit Union Administration (NCUA) issued Letter to Credit Unions 23-CU-07 to provide additional guidance on the agency’s “cyber incident notification requirements rule.”
As reported in February, beginning on September 1, 2023, all federally insured credit unions will be required to notify the NCUA as soon as possible, and no later than 72 hours, after the credit union reasonably believes it has experienced a “reportable cyber incident” or received a notification from a third party regarding a reportable cyber incident.
A reportable cyber incident is any “substantial” cyber incident that leads to one or more of the following:
The NCUA guidance summarizes the agency’s rule, provides instructions on what and how to report to the NCUA, includes examples of both reportable (Appendix A) and non-reportable (Appendix B) incidents, and provides a cyber incident reporting quick reference guide to help facilitate incident reporting.
Per the guidance, federally insured credit unions may report a cyber incident through one of the following channels:
Reporting credit unions should be prepared to provide as much of the following information as is known at the time of reporting:
If NCUA requires additional information or clarification, the agency will follow up with the credit union directly.
Your California and Nevada Credit Union Leagues-member benefits also include the Compliance Hotline — providing exclusive access to dedicated compliance experts! Contact the hotline anytime to gain access to a knowledgeable team that’s ready to address all your credit union’s compliance inquiries — promptly and efficiently:
With the Compliance Hotline, you can proactively respond to impromptu questions and issues by receiving clarity and insight on technical topics that normally slow you down. We want to help you unlock the full potential of your League membership by leveraging the resources and support you need to navigate the complex world of compliance effortlessly. We’re ALWAYS just a phone call or email away!
Additional League-Member Compliance Resources
More compliance resources and benefits of League membership include:
For more information or questions, email Leagues Vice President of Regulatory Advocacy and Compliance Lisa Quaranta.
Powered by ViClarity, a California and Nevada Credit Union Leagues company.