A recent Letter to Credit Unions from the National Credit Union Administration outlines the regulator’s supervisory priorities for CUs in the coming year.
Examiners visiting credit unions in 2018 will be focused on the following items:
Cybersecurity assessments: In the new year, the NCUA will begin using the Automated Cybersecurity Examination (ACET) tool when examining CUs with assets of more than $1 billion. The ACET is intended to give the regulator a repeatable, measurable and transparent process for assessing the level of cyber preparedness across CUs. The ACET incorporates standards and practices established for financial institutions and aligns with the Cybersecurity Assessment Tool by the FFIEC.
While the ACET is only for credit unions with assets of $1 billion or more, NCUA has announced its intentions to continue to test and refine the tool for use at smaller, less complex institutions, and intends to keep CUs informed as changes occurs.
Bank Secrecy Act compliance: As examiners review CUs compliance with the Bank Secrecy Act, the Customer Due Diligence regulations for FIs will become effective May 11, 2018. Examiners will begin assessing compliance with this new regulation in the second half of 2018.
Internal controls and fraud prevention: Examiners will continue to evaluate the adequacy of credit union internal controls, as well as overall efforts to prevent and detect fraud.
Interest rate and liquidity risk: On Jan. 1, 2017, examiners began using a revised interest rate risk supervisory tool and examination procedures to assess interest rate risk management practices in CUs. The NCUA did not examine all CUs in 2017, so some CUs will be examined under the new procedure for the first time in 2018. Examiners will also increase their focus on liquidity risk management practices given the emerging trends related to on-balance-sheet liquidity.
Auto lending: Examiners will apply additional scrutiny to CUs with portfolios exposed to higher risk forms of auto lending, such as the following:
- Extended loan maturities of more than seven years
- High loan-to-value
- Near-prime or subprime
- Indirect lending programs.
Commercial lending: The NCUA’s revised regulation for commercial lending, Part 723 - Member Business Loans; Commercial Lending, went into effect January 1, 2017. Examiners will continue to focus on the credit union’s commercial loan policies and procedures along with assessing the effectiveness of the credit union’s risk management processes.
Consumer compliance: Beginning in the second quarter, examiners will perform limited reviews of quarterly Loan/Application Registers (LAR), when applicable, to evaluate federal credit unions’ good faith efforts to comply with the Consumer Financial Protection Bureau’s (Bureau) October 15, 2015 and August 24, 2017 amendments to Regulation C (Home Mortgage Disclosure), which implements the Home Mortgage Disclosure Act (HMDA). Most of the new HMDA requirements take effect on January 1, 2018. The NCUA’s review of 2018 HMDA data will be diagnostic in nature, designed to help credit unions identify compliance weaknesses in collecting 2018 data for submission in 2019 and will credit good faith compliance efforts.
Recognizing the impending January 1, 2018 effective date of the Bureau’s amendments to Regulation C and the significant systems and operational challenges needed to adjust to the revised regulation, for HMDA data collected in 2018 and reported in 2019, the NCUA does not intend to cite violations for data errors found in the quarterly LARs, nor require data resubmission unless data errors are material. Furthermore, the NCUA does not intend to assess penalties with respect to errors in data collected in 2018 and reported in 2019. However, CUs subject to HMDA reporting must still collect the data, establish a quarterly LAR, and submit 2018 data by the March 1, 2019 deadline.
Examiners will also review CUs’ overdraft policies and procedures for compliance with Regulation E.