NCUA Board Meeting Summary- April 22, 2021

The NCUA Board held a regularly scheduled meeting today. The following summary provides highlights of the discussion:

Interim Final Rule – Capital Adequacy; Prompt Corrective Action (Part 702)

The Board was briefed on an interim final rule adopted last week by notation vote, at which time the rule became effective. The rule is substantially similar to a rule adopted last year that expired at the end of 2020. The rule makes the following temporary changes to its PCA regulations to help credit unions remain operational and liquid during the COVID–19 pandemic:

  1. It allows the Board to waive the earnings-retention requirement for adequately capitalized credit unions.
  2. It allows undercapitalized credit unions to submit a streamlined net worth restoration plans if the credit union’s reduction in capital was caused by temporary share growth associated with the pandemic.

These temporary modifications will be in place until March 31, 2022.

The agency is accepting comments on the rule until June 18.

The efforts of the Board in pursuing these changes aimed at PCA flexibility are appreciated and were underscored in a joint letter sent by the Association, CUNA and others to the Board last month.

Though not directly related to this agenda item, the Board made comments pertaining to the NCUSIF, including remarks from Board Member Hood on considering temporarily decreasing the Fund’s normal operating level to 1.30% if losses are greater than or projected to be greater than anticipated.

Board Briefing – Cybersecurity Update

Johnny Davis, Special Advisor to the Chairman for Cybersecurity, provided a cybersecurity update to the Board.

According to the briefing, the top threats to credit unions are:

  • -Historical threats that are still relevant (some with new variants):
    • Ransomware
    • Malware/Phishing
    • Identity Theft
    • Denial of Service
    • ATM Skimming
  • -Pandemic Themed Attacks
  • -Supply Chain Attacks

The briefing also noted top mitigation trends:

  • -Organizational Awareness & Training
  • -Dynamic Asset and Access Awareness
  • -Effective security controls
  • -Security Product/Service Consolidation
  • -Enhanced Remote User Security Emphasis
  • -Breach a-Attack Simulation
  • -Continuous Monitoring (rapid detection and response)

Chairman Harper reminded credit unions that as part of the NCUA’s 2021 Community Development Revolving Loan Fund grant initiative, between May 3 and June 26, LICUs can apply for up to $7,000 in grants to strengthen their cybersecurity defenses.

Board Member Hood discussed with Davis the staffing requirements that would be necessary if the agency were to be granted authority by Congress to oversee third-party vendors. Davis noted a possible approach could be for the agency to focus on only certain significant service providers in the core processor and payment arenas. According to Davis, such an approach might call for around eight to eleven additional staff, at an approximate annual cost of between $1.7 million and $2 million.

Next NCUA Board Meeting

The next meeting of the NCUA Board is presently scheduled for Thursday, June 24, 2021 at 10:00 am. Meeting information may be found at: