Cybersecurity and Bank Secrecy Act compliance are at the top of the list of priorities for NCUA in its supervisory agenda for the New Year, according to a “Letter to Credit Unions” (LTCU 17-CU-01) issued by the agency Thursday.
In the letter to the financial institutions, the federal credit union regulatory agency noted it “plans to increase our emphasis on cybersecurity by enhancing the examination focus with a structured assessment process,” which it said it anticipates completing this process late this year. In the meantime, the agency said it will continue to carefully evaluate credit unions’ cybersecurity risk management practices.
Regarding BSA compliance, NCUA said it remains “vigilant in ensuring the credit union system is not used to launder money or finance criminal or terrorist activity.” The agency said that field staff will focus on credit unions’ relationships with money services businesses (MSBs) and other accounts that may pose a higher risk for money laundering (a recent concern for the agency).
“Credit unions that provide services to an MSB or other types of high-risk businesses need specialized procedures in place to appropriately classify risk and determine the depth and intensity of monitoring that is necessary,” the agency said. “Credit unions are expected to perform appropriate due diligence, analysis, and monitoring when providing services to MSBs and other high-risk accounts.”
Other priorities that the agency highlighted in its letter were internal controls, interest rate and liquidity risk, commercial lending and consumer compliance.