The coronavirus pandemic has forced both credit unions and the National Credit Union Administration (NCUA) to adjust how they do business. The NCUA published a statement (updated on May 15, 2020) noting that it recognizes that COVID-19 will affect credit unions and their members to varying degrees, yet remains committed to ensuring compliance and reporting mandates for credit unions.
Credit unions are used to being in a constant cycle of compliance reporting, but doing so in today’s remote working environment is new to most. As we mentioned in a recent blog post, the NCUA has taken steps to be flexible with examinations and audits, stating that “…if credit unions are able to provide documents, information and staff, examinations will continue as usual, just in an offsite manner…” and that “examiners will not require a credit union to provide information to conduct offsite examination work.” The NCUA also issued language that allows it to make exceptions as needed based on the impact of the pandemic on a specific credit union.
So, while there’s more flexibility in terms of scheduling and information gathering, exams and audits are still being scheduled and held. Fortunately, many of the existing resources used to maintain credit unions’ compliance and reporting are available online and still fully applicable today. This includes the NCUA’s Automated Cybersecurity Examination Tool (ACET).
In 2018, the NCUA began using the ACET to assess credit unions’ cybersecurity maturity. The ACET enables credit unions to input information and get back readable results they can easily leverage, versus spitting out a PDF that’s difficult to interpret. As of early 2020, credit unions are able to complete self-assessments through access to the latest version of the ACET on NCUA’s website. This means that the process of completing the ACET today is the same as it was pre-pandemic, since everything is online.
The ACET and the CAT
So, how should you start the process of completing the ACET? As a first step, we recommend completing the Federal Financial Institutions Examination Council's (FFIEC) Cybersecurity Assessment Tool (CAT), which is another free online tool. The ACET is based on the CAT, so if you’ve completed the CAT, you’re already halfway done with the ACET. The FFIEC provides an incredibly helpful PDF on the CAT that has a two-part section on completing the assessment.
So, while COVID-19 has impacted credit unions in countless ways, many of the online tools and resources for credit unions have remained unchanged – and we still urge you to continue using them. According to a recent article in Credit Union Times authored by our very own Kevin Landt, vice president of product management at Cygilant:
Credit unions face a unique set of challenges. They must ensure data protection and meet strict compliance requirements as laid out by the FFIEC. However, as a not-for-profit, your IT teams, dedicated cybersecurity resources and budgets may be stretched thin. Tools like the FFIEC IT Exam Handbook and CIS framework offer excellent, free resources for helping build your credit union’s cybersecurity posture – regardless of maturity level or preparation for an audit.
Cygilant for Credit Unions
In addition to the free online resources that we’ve talked about above, Cygilant provides credit unions and financial service organizations access to a dedicated team of cybersecurity experts with the technology, experience and processes to tackle cyber security threats proactively. It’s our mission to liberate you from the stress, excess cost and complexity of having enterprise class security.
For more information about the ACET, CAT, separate statements from both the NCUA and FFEIC regarding the pandemic, and other resources, check out the links provided below.
- Credit Union Audits & Examinations During Coronavirus – What To Expect
- Credit Union Times on “Practical Steps for Improving Credit Union Cybersecurity
- FFIEC Cybersecurity Assessment Tool
- The NCUA has published a FAQ for credit union members that has a wealth of Coronavirus information.
- The FFEIC issued, “Interagency Statement on Pandemic Planning,” which has guidelines on pandemic preparedness and what credit unions can do in advance to prepare for such an event.