League of Southeastern Credit Unions & Affiliates
Director’s Resource League of Southeastern Credit Unions
|
July 2014 | Vol. 5 Issue No. 2
President’s Message One of the hottest topics among credit unions this quarter has been the NCUA’s risk-based capital proposal. The League hit the road in April and May to educate and inform credit unions about the proposal as well as provide ideas on writing a comment letter. We held 12 meetings with great discussion in each one. Credit unions, system partners, and lawmakers sent more than 2,000 comment letters to the NCUA. This was a record number of comment letters and a great start. However, we have more work to do. This summer’s NCUA Listening Sessions are vital toward getting change to the proposal. This will be the first opportunity for credit unions to talk directly to the NCUA. The League will attend the Chicago and Alexandria, VA, sessions. Another factor in the future of the proposal is the confirmation of Mark McWatters to the board. He replaces Mike Fryzel. We all need to educate him on our thoughts about the proposed rule and the changes that need to be made. He says he’s committed to looking at it closely. By the end of July we should see if we can get much needed changes to the proposed rule. Thank you to all who wrote a comment letter. I want you to know the League is continuing to push for changes, and we will do everything possible to make sure the NCUA listens to credit unions.
The Board’s Role in Overseeing Cybersecurity Risk The risk of cyberattacks can directly affect both operations and the broader brand or reputation of a company, often resulting in significant financial repercussions. According to Risk Intelligent Governance in the Age of Cyber Threats, a 2012 Deloitte publication, the median annualized cybercrime-related cost in 2011 was $5.9 million, which was a 56 percent increase over the prior year. A primary responsibility of the board is to provide risk oversight, and the audit committee is often delegated the task of overseeing the risk programs and policies, including cybersecurity. The trend has been for other committees to be delegated the task of overseeing risks associated with their areas of expertise. For example, risks to the compensation plan might be overseen by the compensation committee. Ultimately, however, the full board is accountable for risk oversight. In many instances, the committees are delegated the oversight of risk, however, the full board also discusses and continually monitors the most material risks and those for which the company is most vulnerable (i.e., where no controls exist to mitigate the risk). Typically when addressed, cybersecurity is a topic on the short list of risks and is typically discussed at the full board level rather than left solely with a committee. (continued on page 2)
Save the Date Southeast Regional Director’s Conference July 13-16 Sunday - Wednesday Savannah, GA Click here for more information Southeast Supervisory Committee Conference Aug. 3-6 Sunday - Wednesday Point Clear, AL Click here for more information Southeast Leadership Development Conference Nov. 4-7 Tuesday - Friday Destin, FL Click here for more information