Skip to main content

Looking for Valuant? You are in the right place!

Valuant is now Abrigo, giving you a single source to Manage Risk and Drive Growth

Make yourself at home – we hope you enjoy your new web experience.

Looking for DiCOM? You are in the right place!

DiCOM Software is now part of Abrigo, giving you a single source to Manage Risk and Drive Growth. Make yourself at home – we hope you enjoy your new web experience.

Credit Unions Introduced to New Automated Cybersecurity Examination Tool

May 23, 2018
Read Time: 0 min

In the 2018 Data Breach Investigations Report (DBIR), Verizon reported over 53,000 security incidents, including 2,216 confirmed data breaches in 2017. Financial institutions have high stakes when it comes to cybersecurity and credit unions are natural targets for these types of attacks: as nonprofit entities, they are likely to have limited information technology. 

The prevalence and severity of cybersecurity issues make it understandable, then, that the National Credit Union Administration (NCUA) would include cybersecurity among its primary areas of supervisory focus for 2018.

As part of its efforts to better assess credit unions’ cybersecurity preparedness, the NCUA this year will begin to use the new Automated Cybersecurity Examination Tool (ACET) to standardize cybersecurity preparedness assessment of credit unions with $1 billion or more in assets. It will also work to fine-tune the tool to evaluate smaller credit unions in the future after creating a baseline with these larger credit union assessments.

Developed in late 2017, the ACET aligns with the Federal Financial Institutions Examination Council’s (FFIEC) Cybersecurity Assessment Tool that allows institutions to voluntarily identify cybersecurity risk and readiness. The NCUA encourages credit unions continue to use the FFIEC’s tool for cybersecurity self-evaluation.

In a December 2017 NCUA Letter to Credit Unions, the supervisory group added, “The ACET provides the NCUA with a repeatable, measurable and transparent process for assessing the level of cyber preparedness across federally insured institutions.”

The ACET encourages consistency and scalability of assessment, while also providing insight through benchmarking that will help the NCUA “focus [its] supervision efforts on areas that are the most important for the credit union system.”

“Using the new [ACET] tool ensures we are consistent in our approach and we can scale our expectations properly to the size, complexity, and risk exposure of each credit union,” the NCUA said about its regulatory approach.

In an April webinar joined by Credit Union National Association (CUNA) staff members, Tim Segerson, director of Risk Management for NCUA, said, “We’ve set pretty clear expectations because we want to make sure no one is surprised. This isn’t going to be a ‘gotcha’ situation, but an ongoing conversation and collaboration with the industry.”

Streamline the reserve calculation process and impress examiners.

Request More Information »

The National Association of Federally-Insured Credit Unions (NAFCU) said in a recent post that credit unions should pay close attention to these three takeaways:

  1. The ACET is not yet finalized and will continue to change
  2. The NCUA will formally deploy the tool in 2019
  3. The NCUA is contemplating ACET reviews every 2-3 years. The ACET will replace the Gramm-Leach-Bliley Act/Part 748 Privacy review and the Electronic Banking questionnaire

According to NAFCU, “NCUA does not expect the current iteration of the ACET will prove overwhelming for credit unions using it for the first time.”

Additional Resources

WhitepaperCECL Solution Buyer’s Guide  
WebinarCECL: The Hidden Complexities to Simple Approaches for Community Institutions

About the Author


Raleigh, N.C.-based Sageworks, a leading provider of lending, credit risk, and portfolio risk software that enables banks and credit unions to efficiently grow and improve the borrower experience, was founded in 1998. Using its platform, Sageworks analyzed over 11.5 million loans, aggregated the corresponding loan data, and created the largest

Full Bio

About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.

Make Big Things Happen.