The National Credit Union Administration has identified its top supervisory priorities for credit unions in 2016.
NCUA Chairwoman Debbie Matz spelled out those priorities in a January letter to federally insured credit unions. The letter was designed to help prepare credit unions for their next NCUA examination.
In the letter, Matz outlined NCUA’s top areas of supervisory focus for credit unions in 2016:
Cybersecurity threats represent significant potential operational risks to financial institutions, and are expected to increase frequency and severity as worldwide interconnectedness grows and the capabilities to conduct cyberattacks become more sophisticated and easier for criminals or terrorists. As in 2014 and 2015, NCUA will continue to carefully evaluate credit unions’ cybersecurity risk management.
In June 2015, NCUA released a Cybersecurity Assessment Tool jointly with the other member agencies of the Federal Financial Institutions Examination Council. The tool provides a structured methodology for credit unions to manage information security and protect member information more effectively.
NCUA encourages all credit unions to use the FFIEC tool to manage cybersecurity risks. NCUA also plans to begin incorporating the tool into its examination process in the second half of 2016.
Incident response programs
In 2016 examinations, NCUA field staff will be reviewing credit unions’ incident response programs as part of their information security programs.
Appendix B to Part 748 of NCUA rules and regulations, Guidance on Response Programs for Unauthorized Access to Member Information and Member Notice, outlines the minimum components of an incident response program that federally insured credit unions need to develop and implement. An incident response program is needed to address unauthorized access to, or use of, member information that could result in substantial harm or inconvenience to a member.
Bank Secrecy Act compliance
NCUA remains vigilant in ensuring the credit union system is not used to launder money or finance criminal or terrorist activity. All federally insured credit unions must perform certain record keeping and meet reporting requirements to detect this type of activity as required by the Bank Secrecy Act.
NCUA field staff are required to review credit unions’ compliance with the Bank Secrecy Act and to complete the related examination questionnaire at every examination. In 2016, NCUA field staff will focus on credit unions’ relationships with money services businesses.
Credit unions can provide services to an MSB while meeting BSA requirements, but should be aware of the unique risk exposure MSBs can present and the corresponding need for commensurate expertise and monitoring systems. In 2014, NCUA issued guidance to field staff and credit unions on Identifying and Mitigating Risks of Money Service Businesses. The guidance describes the steps credit unions should take to mitigate any money-laundering risks posed by MSBs.
Interest rate risk
Interest rate risk remains a key supervisory focus as interest rates have begun to rise. Rising rates may prove challenging for those credit unions that hold high concentrations of long-term assets funded with short-term liabilities.
NCUA is updating interest rate risk management supervisory guidance, and will transition to the updated examination procedures during 2016. The new procedures are designed to improve the efficiency of reviews by focusing field staff resources on those credit unions with elevated levels of interest rate risk and streamlining related exam procedures. Field staff will evaluate credit unions’ compliance with NCUA’s interest rate risk rule, which requires federally insured credit unions with more than $50 million in assets to develop and adopt a written policy on interest rate risk management, and to establish a program to identify, measure, monitor and control it.
Credit union officials should be prepared to provide NCUA field staff with documentation supporting the credit union’s ability to successfully manage their interest rate risk through changing market conditions, including rising rate environments.
TILA-RESPA Integrated Disclosure Rule
Credit unions that have accepted applications for real estate loans on or after Oct. 3, 2015 (except for home equity lines of credit, reverse mortgages and commercial loans) are required to comply with the TILA-RESPA integrated disclosure rule, which the Consumer Financial Protection Bureau adopted to help consumers better understand mortgage transactions.
The CFPB rule requires loan originators to provide consumers with two disclosures: the loan estimate disclosure and the closing disclosure. The loan estimate disclosure must be delivered or placed in the mail no later than the third business day after receiving a consumer’s mortgage application. The closing disclosure must be provided to the consumer at least three business days before the consummation of a mortgage.
The TILA-RESPA integrated disclosure rule also imposes record retention requirements and restricts mortgage originators from imposing certain fees, providing estimates, or requiring consumers to verify information before providing a loan estimate to a consumer. Field staff will review credit unions’ compliance with the relevant provisions.
Regulatory requirements associated with NCUA’s Credit Union Service Organizations rule became effective June 30, 2014. One of the primary changes to the rule requires all federally insured credit unions that invest in or lend to a CUSO to enter into a written agreement requiring the CUSO to submit annual reports directly to NCUA and the state supervisory authority, if applicable.
CUSOs will start providing their annual reports through the CUSO Registry in 2016. Once the deadline for CUSOs to register with NCUA has passed, field staff will check to ensure any CUSO a credit union has loaned to or invested in has been registered with NCUA.
More information on the CUSO Registry is forthcoming in a separate letter to federally insured credit unions.
Matz concluded in the letter to the credit unions that the “NCUA remains committed to protecting the safety and soundness of America’s federally insured credit unions and their more than 102 million members. Our examiners worked successfully with thousands of credit unions in 2015 to significantly reduce losses to the National Credit Union Share Insurance Fund.”
For more information, see https://www.ncua.gov/regulation-supervision/Pages/policy-compliance/communications/letters-to-credit-unions/2016/01.aspx#sthash.RmxL2Whi.dpuf.