NCUA released a letter to credit unions detailing its supervisory priorities for 2023 (23-CU-01). The NCUA will continue to conduct exams both onsite and offsite. The Small Credit Union Exam Program will remain in place for most federal credit unions with assets under $50 million; while the risk-focused exam procedures will be used for all other credit unions.
Information Security and Cybersecurity continues to be an exam priority to ensure risk management programs adapt to evolving threats. In preparation for exams, we recommend credit unions review the Information Security Examination procedures which will be used during 2023 exams. Additionally, cybersecurity risk assessments can be a useful tool to help identify where enhancements may be needed to the cybersecurity program. Contact BTG to schedule a 2023 Cybersecurity Risk Assessment should your credit union need assistance completing the NCUA Automated Cybersecurity Toolbox (ACET).
Fraud Prevention and Detection exam procedures have also been enhanced to ensure internal controls and separation of duties exists to mitigate fraud risks. The NCUA will utilize a management questionnaire during pre-exam planning to identify insider and third-party fraud red flags and risks. Credit unions should periodically review elevated privileges and user access permissions to critical systems, and ensure activities performed by internal and external system administrators are controlled and monitored. To help eliminate the compliance monitoring burden on management and operational resources, BTG provides Access Control Audits. Acceptable and appropriate user permissions, separation of duties, and system administrator activities are reviewed during the independent audit.
Our goal is to ensure your credit union is prepared for upcoming exams, and we welcome any questions as you navigate through the 2023 Supervisory Priorities. If you are interested in learning more about BTG’s audit and compliance services, please contact Elisabeth Esposito, Vice President of Professional Services, directly at (203) 745-3176 or firstname.lastname@example.org.