A panel focused on the hot-button issues involving legislative, regulatory and examination expectations at CU Times’ virtual cybersecurity conference, Defending Your Credit Union Against Data Breaches.
Michael Ogden, executive editor of the Credit Union Times, served as moderator for a panel including Larry Fazio, director of examination and insurance at the NCUA; Carrie Hunt, general counsel at NAFCU; and David Baumann, Washington Correspondent of the Credit Union Times.
Fazio provided an overview of the industry before tacking the top problem credit union trends, which start with interest rate risks and cybersecurity. “We’re all sensitized to the real risks cybersecurity presents,” Fazio said. Other areas of concern include unauthorized access to member information and incident response, the Bank Secrecy Act, TILA-RESPA and CUSO reporting.
When it comes to cybersecurity, Fazio described the challenge of having more interconnected devices than people have today. Everything from smartphones to TVs and refrigerators are connected. In addition, Fazio said “credit unions are no longer flying under the radar – credit unions are targets of cybercriminal activity.”
Fazio also explained the NCUA is working to incorporate the FFIEC Releases Cybersecurity Assessment Tool into its exam procedures by the end of 2017.
Hunt described data security as a top NAFCU priority. “It is not a new issue, but breaches are happening more and more,” Hunt said. Breaches on a national scale of businesses such as Target, Home Depot, and Wendy’s have had a great affect on CU members.
A NAFCU survey found on average credit unions spend $136,000 on data breach measures; and $226,000 on costs associated with merchant data breaches.
Hunt explained that NAFCU has called for Congress to implement national data security standards for retailers. NAFCU believes the bipartisan legislation S. 961, also known as the Data Security Act of 2015, which is currently before Congress, would set a national data security standard for retailers akin to the Gramm-Leach-Bliley Act and would hold retailers accountable for breaches occurring on their end while acknowledging financial institutions’ existing adherence to GLBA standards.
Baumann noted It is going to be difficult for Congress to tackle a data security issue given the limited number of days it will be in session for the rest of the year. “It is very unlikely anything will get passed this year.”
