GLOBAL CREDIT UNION
The regulator landscape In the US, financial institutions operate within a complex regulatory environment overseen by bodies like the National Credit Union Administration( NCUA). Global Credit Union invests in additional compliance checks to ensure it meets all requirements, conducting monthly reviews of its cybersecurity insurance and regulatory alignment.
Many regulations reference frameworks like the Federal Financial Institutions Examination Council( FFIEC) guidelines or the National Institute of Standards and Technology( NIST) standards. However, Dana notes that regulations often lag behind technological advancements, particularly in areas such as AI.
“ Regulations don’ t change as fast as they should,” she says.“ Think about all the AI technologies that have come out recently. There’ s really no governance yet.”
This gap requires financial institutions to anticipate regulatory changes rather than simply react to them. Global Credit Union monitors proposed state and federal privacy and security regulations, particularly watching states like California that typically adopt stricter requirements before other jurisdictions.
GCU learned from the European Union’ s General Data Protection Regulation( GDPR), which caught many organisations unprepared. By watching regulatory trends globally, even outside their direct operating footprint, at the time of release, Global Credit Union can prepare for changes before they become mandatory.
“Members come first, so we want to hear from them. We want to hear the good, as well as the bad”
Dana Gonderzik, Director, Information Security, Global Credit Union
“ You can read the writing on the wall and be ready and prepared versus being reactive,” she says.
Building a security-aware culture Technology alone cannot protect an organisation from cyber threats. Human behaviour remains the weakest link in many security breaches, making security awareness training essential. Dana recognises that security expertise shouldn’ t be expected from every employee, but everyone shares responsibility for protecting the organisation and its members.
160 March 2026