The Morning After

March 31, 2015 at 7:45 am

Just as you should have a plan to rapidly recover your credit union operations in the event of a natural disaster, so too should you have a plan to rapidly get up and running in the event your credit union is victimized by a cyberattack. That’s my main take-away from a joint guidance issued yesterday by the FFIEC, a group of financial regulators that of course includes the NCUA.

In addition to underscoring the importance of cyberattack recovery, the regulators are using the guidance to emphasize the importance of ongoing assessments and monitoring of your existing computer systems. For example, you are expected to maintain an ongoing risk assessment system that considers new and evolving threats and conduct regular audits to review who has access to vital systems.

Now for some more general points. In light of the Supreme Court’s recent decision upholding the right of the Department of Labor to reinterpret existing law simply by issuing a new letter, guidances of all types, including those issued by the FFIEC, are as binding on your credit union as if a new regulation had just been promulgated. The FFIEC typically claims that it is doing nothing more than synthesizing existing requirements, but at the very least make reviewing this memo a compliance priority.

In addition, notice how the regulators are not going to let smaller institutions off the hook. Obviously, the steps a $20 million credit union takes to both guard against and recover from malware attacks are not going to be as extensive as the steps taken by a $1 billion institution, but steps need to be taken nonetheless. The regulators have a point, since the bad guys have demonstrated an increasing willingness to go after the data stored by smaller institutions. I’m concerned that without a serious attempt on the part of the industry to pool resources, increasing computer costs in conjunction with existing compliance mandates will make it that much more difficult for any small credit unions, or true community banks for that matter, to survive.


Authored By:

Henry Meier, Esq., General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association.
