Final cyber incident notification rule up for action Thursday by NCUA Board; chartering/FOM, NCUSIF also slated

A final rule on cyber incident notification requirements, a proposal to revise the agency’s chartering and field-of-membership (FOM) manual, and a report on the credit union share (deposit) insurance fund are the three items slated for Thursday’s open National Credit Union Administration (NCUA) Board meeting.

The NCUA Board issued a proposal on cyber incident notification requirements last July in response to an uptick in the frequency and severity of cyberattacks on the financial services sector. The proposal, following along the lines of requirements found in the 2022 Cyber Incident Reporting for Critical Infrastructure Act, would require that a federally insured credit union experiencing a reportable cyber incident report it to the NCUA “as soon as possible and no later than 72 hours” after the institution “reasonably believes that it has experienced a reportable cyber incident.” The comment period closed in September.

Thursday’s open agenda is on the NCUA website and was also in Tuesday’s Federal Register, but the latter version had an error, listing the federal credit union loan rate ceiling (which was acted on in January). The NCUA, on its website, notes that the first item up in Thursday’s meeting is a board briefing on the National Credit Union Share Insurance Fund (NCUSIF) quarterly report. The chartering/FOM proposal and cyber incident notification final rule follow in that order.

Thursday’s NCUA Board meeting is slated to begin at 10 a.m. and can be attended in person at the NCUA’s Alexandria, Va., headquarters and online via YouTube.

NCUA Board Feb. 16 open meeting agenda

NCUA YouTube channel – live

Reg Lookup: Cyber Incident Notification Requirements for Federally Insured Credit Unions