Removing Barriers Blog

NCUA Board Holds April Meeting
Posted April 22, 2021 by CUNA Advocacy

Interim Final Rule – Capital Adequacy; Prompt Corrective Action (Part 702)

The Board was briefed on an interim final rule adopted last week by notation vote, at which time the rule became effective. The rule is substantially similar to a rule adopted last year that expired at the end of 2020. The rule makes the following temporary changes to its PCA regulations to help credit unions remain operational and liquid during the COVID–19 pandemic:

  1. It allows the Board to waive the earnings-retention requirement for adequately capitalized credit unions.
  2. It allows undercapitalized credit unions to submit a streamlined net worth restoration plans if the credit union’s reduction in capital was caused by temporary share growth associated with the pandemic.

These temporary modifications will be in place until March 31, 2022.

The agency is accepting comments on the rule until June 18.

As detailed in a recent Removing Barriers Blog post, we have been pushing the NCUA to adopt the temporary changes included in this interim final rule. We appreciate the Board pursuing these changes aimed at PCA flexibility, which we sought in a joint CUNA/AACUL letter sent to the Board last month.

Though not directly related to this agenda item, the Board made comments pertaining to the NCUSIF, including remarks from Board Member Hood on considering temporarily decreasing the Fund’s normal operating level to 1.30% if losses are greater than or projected to be greater than anticipated.

 

Board Briefing – Cybersecurity Update

Johnny Davis, Special Advisor to the Chairman for Cybersecurity, provided a cybersecurity update to the Board.

According to the briefing, the top threats to credit unions are:

  • Historical threats that are still relevant (some with new variants):
    • Ransomware
    • Malware/Phishing
    • Identity Theft
    • Denial of Service
    • ATM Skimming
  • Pandemic Themed Attacks
  • Supply Chain Attacks

The briefing also noted top mitigation trends:

  • Organizational Awareness & Training
  • Dynamic Asset and Access Awareness
  • Effective security controls
  • Security Product/Service Consolidation
  • Enhanced Remote User Security Emphasis
  • Breach and Attack Simulation
  • Continuous Monitoring (rapid detection and response)

Chairman Harper reminded credit unions that as part of the NCUA’s 2021 Community Development Revolving Loan Fund grant initiative, between May 3 and June 26, LICUs can apply for up to $7,000 in grants to strengthen their cybersecurity defenses.

Board Member Hood discussed with Davis the staffing requirements that would be necessary if the agency were to be granted authority by Congress to oversee third-party vendors. Davis noted a possible approach could be for the agency to focus on only certain significant service providers in the core processor and payment arenas. According to Davis, such an approach might call for around eight to eleven additional staff, at an approximate annual cost of between $1.7 million and $2 million.