The National Credit Union Administration (NCUA) is an independent federal agency that charters and supervises federal credit unions, insuring the savings of over 80 million account holders in federal and most state-chartered credit unions across the country through the National Credit Union Share Insurance Fund (NCUSIF), a federal fund that is backed by the credit and “good faith” of the United States government.
The NCUA requires that each federally insured credit union have a written member information security program that, at a minimum, ensures the security and confidentiality of member records and information; protects against any anticipated threats or hazards to the security or integrity of such records; and protects against unauthorized access to or use of such records or information that could result in substantial harm or inconvenience to any member.
Further, it requires that each credit union assess the level of risk related to its business by:
1) Identifying reasonably foreseeable internal and external threats that could result in unauthorized disclosure, misuse or destruction of member information or member information systems;
2) Determining the likelihood and potential damage of such threats, based on the sensitivity of member information;
3) Assessing whether the policies, procedures and information systems in place are sufficient to control these risks.
Finally, the NCUA requires that each credit union “manage and control risk” based on the realities of the business (size, complexity, etc.), and recommends security measures that are appropriate to their environment, including access controls and user authentication; access restrictions at physical locations containing member information; encryption of electronic member information; procedures to ensure security program consistency; ongoing monitoring to detect and prevent intrusions or attacks; and regular testing of key controls, systems and procedures relating to the information security program.
Compliance with these security standards is critical to the ongoing business operations of federal and state-chartered credit unions. Failure to comply may result not only in regulatory sanctions and fines, but also in direct business loss as a result of lawsuits, damage to an organization’s reputation and degradation of the public’s trust.
ISGRM Group offers a full suite of Professional Services and experts to assist your credit union in efficiently and cost-effectively implementing the NCUA guidelines identified above and complying with NCUA requirements.
For further information on NCUA Compliance Requirements, please contact one of our Sales representatives by calling (954) 800-0397 or by completing our Online Inquiry Form.