Skip to main content

NATIONAL CREDIT UNION ADMINISTRATION Priorities for 2016

Supervisory Priorities for 2016
NATIONAL CREDIT UNION ADMINISTRATION
1775 Duke Street, Alexandria, VA 22314
DATE:
January 2016
LETTER No.:
16-CU-01
TO:
Federally Insured Credit Unions
SUBJ:
Supervisory Priorities for 2016
Page Content

Dear Board of Directors and Chief Executive Officer:
     This letter is intended to assist you in preparing for your next NCUA examination.  NCUA field staff will continue to use the streamlined small credit union exam program procedures for credit unions with assets up to $50 million and CAMEL ratings of 1, 2, or 3.  For all other credit unions, field staff will conduct risk-focused examinations, which concentrate on the areas of highest risk, new products and services, and compliance with federal regulations.
     Below are NCUA’s top areas of supervisory focus that are broadly applicable for credit unions in 2016.

Cybersecurity Assessment
     Cybersecurity threats continue to represent significant potential operational risks to financial institutions.  Cyberattacks are expected to increase in frequency and severity as worldwide interconnectedness grows and the capabilities to conduct cyberattacks become more sophisticated and easier for criminals or terrorists to obtain.  As in 2014 and 2015, NCUA will continue to carefully evaluate credit unions’ cybersecurity risk management.  
     In June 2015, NCUA released a Cybersecurity Assessment Tool jointly with the other member agencies of the Federal Financial Institutions Examination Council (FFIEC).  The tool provides a structured methodology for credit unions to manage information security and protect member information more effectively. 
The tool is designed to enhance cybersecurity oversight and management capabilities, and to identify any gaps in an institution’s risk-management practices.  Credit unions can use this tool to enhance their cybersecurity preparedness. 
     NCUA encourages all credit unions to use the FFIEC tool to manage cybersecurity risks.  NCUA also plans to begin incorporating the Cybersecurity Assessment Tool into our examination process in the second half of 2016.
     Throughout 2016, NCUA will continue to foster and facilitate sharing of best practices to strengthen credit unions’ existing cybersecurity programs.  For additional cybersecurity resources, please visit the Cybersecurity Resources Page on NCUA’s website.

Response Programs for Unauthorized Access to Member Information
     Incident response procedures are a key part of a credit union’s information security program.  In 2016 examinations, NCUA field staff will be reviewing credit unions’ incident response programs. 
     Appendix B to Part 748 of NCUA rules and regulations, Guidance on Response Programs for Unauthorized Access to Member Information and Member Notice, outlines the minimum components of an incident response program that federally insured credit unions need to develop and implement.  An incident response program is needed to address unauthorized access to, or use of, member information that could result in substantial harm or inconvenience to a member. 

Bank Secrecy Act Compliance
NCUA remains vigilant in ensuring the credit union system is not used to launder money or finance criminal or terrorist activity.  All federally insured credit unions must perform certain recordkeeping and meet reporting requirements to detect this type of activity as required by the Bank Secrecy Act.  
     NCUA field staff are required to review credit unions’ compliance with the Bank Secrecy Act and to complete the related examination questionnaire at every examination.  In 2016, NCUA field staff will focus on credit unions’ relationships with money services businesses, also known as MSBs. 
     Credit unions can provide services to an MSB while meeting BSA requirements, but should be aware of the unique risk exposure MSBs can present and the corresponding need for commensurate expertise and monitoring systems.  In 2014, NCUA issued guidance to field staff and credit unions on Identifying and Mitigating Risks of Money Service Businesses.  The guidance describes the steps credit unions should take to mitigate any money-laundering risks posed by MSBs.
     If your credit union provides services to an MSB, field staff will verify that you meet the following minimum expectations established by NCUA and federal banking agencies:
  • Perform customer identification program procedures;
  • Ensure each MSB is registered with the Financial Crimes Enforcement Network (FinCEN) and is in compliance with state and local licensing requirements; and
  • Conduct a BSA/anti-money laundering risk assessment to document the level of risk associated with each MSB account and determine whether greater due diligence is necessary.
For compliance information and additional resources, see the Bank Secrecy Act page on NCUA’s website.

Interest Rate Risk
     Interest rate risk (IRR) remains a key supervisory focus as interest rates have begun to rise.  Rising rates may prove challenging for those credit unions that hold high concentrations of long-term assets funded with short-term liabilities.
     NCUA is in the process of updating interest rate risk management supervisory guidance, which will be published in 2016.  As part of this effort, NCUA field staff will transition to the updated IRR examination procedures over the course of 2016.  The new procedures will improve the efficiency of reviews by focusing field staff resources on those credit unions with elevated levels of IRR and streamlining related exam procedures.
     Field staff will receive specialized training on evaluating IRR at the national exam program training in April 2016 and throughout the remainder of the year during regularly scheduled group meetings and other customary training venues.  Field staff will evaluate credit unions’ compliance with NCUA’s interest rate risk rule, which requires federally insured credit unions with more than $50 million in assets to develop and adopt a written policy on IRR management, and establish a program to identify, measure, monitor, and control IRR.  
Credit union officials should be prepared to provide NCUA field staff with documentation supporting the credit union’s ability to successfully manage their IRR through changing market conditions, including rising rate environments.
     For the IRR rule and guidance, see 12 CFR Part 741, Requirements for Insurance and Appendix B to Part 741, Guidance for an Interest Rate Risk Policy and an Effective Program.

TILA-RESPA Integrated Disclosure Rule
     Credit unions that have accepted applications for real estate loans on or after October 3, 2015 (except for home equity lines of credit, reverse mortgages, and commercial loans) are required to comply with the TILA-RESPA integrated disclosure rule, which the Consumer Financial Protection Bureau adopted to help consumers better understand mortgage transactions.1 
The CFPB rule requires loan originators to provide consumers with two disclosures: 

Loan Estimate Disclosure – Combines the Truth in Lending Act disclosure and the Good Faith Estimate.  The loan estimate disclosure must be delivered or placed in the mail no later than the third business day after receiving a consumer’s mortgage application. 

Closing Disclosure – Combines the final TILA disclosure and the HUD-1 Settlement Statement.  The closing disclosure must be provided to the consumer at least three business days before the consummation of a mortgage.
     The TILA-RESPA integrated disclosure rule also imposes record retention requirements and restricts mortgage originators from imposing certain fees, providing estimates, or requiring consumers to verify information before providing a loan estimate to a consumer.  Field staff will be reviewing credit unions’ compliance with the relevant provisions.
For additional information, please visit the Consumer Compliance Regulatory Resources page on NCUA’s website.

CUSO Reporting
     Regulatory requirements associated with NCUA’s CUSO rule became effective June 30, 2014.2  One of the primary changes to the rule requires all federally insured credit unions that invest in or lend to a CUSO to enter into a written agreement requiring the CUSO to submit annual reports directly to NCUA and the state supervisory authority, if applicable.
     CUSOs will start providing their annual reports through the CUSO Registry in 2016.3  Once the deadline for CUSOs to register with NCUA has passed, field staff will check to ensure any CUSO a credit union has loaned to or invested in has registered with NCUA.  
More information on the CUSO Registry is forthcoming in a separate Letter to Federally Insured Credit Unions.

Conclusion
     NCUA remains committed to protecting the safety and soundness of America’s federally insured credit unions and their more than 102 million members.  Our examiners worked successfully with thousands of credit unions in 2015 to significantly reduce losses to the National Credit Union Share Insurance Fund.
Signature SC

​Sincerely,

Debbie Matz
Chairman

Comments

Popular posts from this blog

Sunday Reading - Underwater Kingdoms

Underwater Kingdoms   Coral reefs are underwater ecosystems made from the skeletons of hard coral colonies. Each colony is composed of multiple polyps called corals—animals with tentacles around a mouth at one end and sac-like bodies at the other that attach to a surface and secrete calcium carbonate for protection. Over thousands of years, these secretions accumulate to form habitats that support about 25% of marine species, even though they cover less than 1% of the ocean floor. >  The first coral reefs formed hundreds of millions of years ago. ( More , w/video) > Coral polyps are tiny animals whose mouths both consume food and expel waste. ( More ) > See how coral reefs get their color. ( More ) Known as the "rainforest of the seas," coral reefs are found in tropical and subtropical waters of more than 100 countries, wi...

New CEO Named at SF Fire CU

  In San Francisco, – SF Fire Credit Union has appointed Robert Kassab as its president and chief executive Officer. Kassab, who has served as the $1.6-billion credit union’s CFO and most recently as Interim CEO, will lead the organization as it builds on 75 years of community service and pursues an ambitious strategy for growth and member impact, the credit union said in a statement. Robert Kassab “SF Fire Credit Union has a 75-year legacy of doing right by its members, and I take that responsibility seriously,” Kassab stated. Kassab joined SF Fire Credit Union in 2022 as CFO, where he played a central role in strengthening the institution’s financial foundation and positioning the credit union for long-term growth. His appointment as CEO follows a period of interim leadership, during which he worked closely with the board to develop a strategic vision for the credit union’s future, according to SF Fire. An Institution That ‘Deserves Them Back’ “SF Fire Credit Union was built on ...

Crews Shares Vision For NCUA, Refuses To Enter Board Battle

By Ray Birch WASHINGTON—NCUA nominee John Crews used his Senate Banking Committee confirmation hearing Thursday to lay out an agenda centered on reducing regulatory burden for smaller credit unions, encouraging technological innovation and reviving the formation of new credit unions, while declining to weigh in on the legality of the NCUA's current one-member board because of pending litigation. Although much of the hearing was dominated by sharp questioning of fellow nominee Christopher Phelan over the economy, inflation, tax policy and President Trump's agenda, Crews' exchanges with senators offered insights into how he might approach regulating the credit union system if confirmed. The hearing proceeded despite questions on Capitol Hill over whether it would even take place following Wednesday's political turmoil surrounding President Trump's demand that Congress pass the SAVE America Act before he signs bipartisan housing legislation and the Senate's decisio...

NCUA Board Meeting Coverage: Here’s Where Deregulation Project Stands

  ALEXANDRIA, Va.—An update on NCUA’s ongoing Deregulation Project was provided during the Thursday board meeting. Offering the update was Amanda Parkhill, acting director of the agency’s Office of Examination and Insurance.“There’s a lot going on and we anticipate over 50 rulemaking guidance and policy actions as a result of the deregulation project and other efforts taken to reduce burden and streamline processes,” said Parkhill. “These cover a wide variety of topics from new,   innovative technology to long standing anti money laundering and consumer compliance requirements. Many of the actions we are working on involve coordination with other regulators to ensure that requirements are consistent among banks and credit unions.” Parkhill said 31 proposals have been made as part of the Deregulation Projects, two of which are still out for comment.  “We are in very stages of finalizing several of the proposed rules,” Parkhill said. adding that objective is to wrap up phas...

DC Round-Up

  HUD Makes ACU-Requested Change; Hearing on Payments Today; CU-Backed Candidate Wins in Utah WASHINGTON–The Department of Housing and Urban Development (HUD) has updated Federal Housing Administration (FHA) quality control requirements to allow greater flexibility and alternatives to appraisal field reviews in a change that had been requested earlier by a coalition of 10 trade groups, including America’s Credit Unions .  The new provisions took effect immediately when released in a Mortgagee Letter on June 23, . According to ACU, the change removes the requirement for mortgage lenders, including credit unions, to obtain appraisal field reviews on at least 10% of origination and underwriting quality control reviews.  “The change will make field reviews optional for appraisal quality control, maintain FHA’s core appraisal compliance framework, and give lenders the ability to tailor their review methods on a case-by-case-specific risk,” America’s Credit Unions said. “The r...

ATMs and the Windows 11 Software Upgrade

ATMs and the Windows 11 Software Upgrade Joe Woods, SVP Marketing & Partnerships Dolphin Debit Access There is a lot of information and misinformation circulating regarding the required Windows 11 software. Windows 10 is sunsetting and therefore Windows 11 is now the new operating system of choice moving forward. Many of us may not realize, however, that there are multiple versions of Windows 10. These different versions have different sunset dates, different options for extended service plans as well as different applications. Your ATM’s will be required to upgrade to Windows 11 at some point in the near future. However, that future could be four months away or forty months away. And if costs are similar to the Windows 10 upgrade, you could be spending $5,000-$14,000 per ATM for the upgrade.   To figure out what is best for you, you need to examine your ATM fleet. Several factors need to be considered for this change from Win10 to Win11. Making a rash decision to per...

Healthcare Fraud Sweep

  The Justice Department has charged 455 defendants across 45 states and US territories in a $6.5B healthcare fraud crackdown , which officials described as the largest coordinated enforcement action in its history and the second-largest amount ever charged in a single operation (behind last year’s $14.6B operation). Authorities say the schemes targeted Medicare, Medicaid, and other healthcare programs through fraudulent billing, illegal kickbacks, opioid distribution, and telemedicine operations. Those charged include 90 licensed medical professionals, while 295 defendants are tied to over $500M in false Medicaid claims. Investigators also seized more than $127M in cash, vehicles, jewelry, and other assets tied to the alleged fraud. The two-week crackdown comes amid the Trump administration’s antifraud push, with expanded data-sharing efforts across agencies (scroll to see coordinated effort ). Experts estimate healthcare fraud costs t...

What You Might Not Know About July 4th.

NCUA Tells FICUs Crypto Trading is OK — If Big Exchanges Provide the Service

When it comes to reading between the lines of financial regulators’ advisory letters, tone matters. Take last week’s letter from the National Credit Union Administration (NCUA) which gave the federally insured credit unions (FICUs) it oversees permission to partner with digital asset providers to allow retail customers to buy, sell and trade in cryptocurrencies. Now compare it to the one issued by Comptroller of the Currency Michael Hsu’s agency to the national banks and federal savings associations it regulates a month earlier. On the surface, both said much the same thing: Financial institutions can provide cryptocurrency services (albeit with some notable differences: the OCC’s letter dealt with more back-end services, including custody services as well as holding and using dollar-pegged stablecoins for transaction settlement). Neither was enthusiastic. The NCUA’s letter said it “does not prohibit FICUs from establishing these relationships” — which is not as enthusiastic as “are a...

The FedNow Service will launch in 2023 "Are you ready?"

The FedNow Service is a new instant payment service that the Federal Reserve Banks are developing to enable financial institutions of every size, and in every community across the U.S., to provide safe and efficient instant payment services in real-time, around the clock, every day of the year. Through financial institutions participating in the FedNow Service, businesses and individuals will be able to send and receive instant payments conveniently, and recipients will have full access to funds immediately, giving them greater flexibility to manage their money and make time-sensitive payments. Consistent with the Federal Reserve’s historical role of providing payment services alongside private-sector providers, the FedNow Service will provide choice in the market for clearing and settling instant payments as well as promote resiliency through redundancy. Financial institutions and their service providers will be able to use the service as a springboard to provide innovative instant p...