Removing Barriers Blog

FFIEC Agencies Reiterate Voluntary Nature of Cybersecurity Assessment Tool
Posted December 17, 2015 by CUNA Advocacy

Yesterday, the NCUA, together with the other members of the Federal Financial Institutions Examination Council (FFIEC), published a notice and request to the Office of Management and Budget seeking to extend the FFIEC’s information collection regarding cybersecurity. In a September letter to the FFIEC, we urged the agencies to ensure the FFIEC’s cybersecurity assessment tool remains voluntary. Responding to our comments and others, yesterday’s notice makes clear that the Assessment is and will continue to be voluntary.

“The agencies’ examiners will not require a financial institution to complete the Assessment. However, if a financial institution has completed an Assessment, examiners may ask the financial institution for a copy, as they would for any risk self-assessment performed by the financial institution. The Agencies are educating examiners on the voluntary nature of the Assessment and including statements about its voluntary nature in examiner training materials.”

While we are encouraged by these comments from the FFIEC member agencies, we ask credit unions to let us know if your examination experience is contrary to these remarks.