The NCUA recently published its annual list of supervisory priorities for the upcoming exam cycle in the Letter to Credit Unions 20-CU-01. 2020 is welcomed with some old favorites as well as some new and more narrowed focus areas. Efforts spent in these areas not only address the areas NCUA will give attention to in your credit union, but also help address control deficiencies within the credit union and improve adherence with regulatory requirements. Of special note are the requirements regarding consumer protection. Credit unions are in the business of consumer protection, but it never hurts to do a self-assessment and address any issues. To help you prepare for your next NCUA examination, following is a list of the 2020 focus areas with some thoughts and recommendations:
1. Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Compliance
Though a repeat area of focus, knowing your member and the processes in place to assist in the ongoing monitoring continues to be a major focus. To help prepare, your credit union, the scope of your upcoming BSA audit should include a review of the member due diligence process and identification and verification of beneficial owner(s) of legal entity members. Timeliness and the quality of documentation of Suspicious Activity Reports (SAR) and Currency Transaction Reports (CTR) will also be considered, so management should ensure there is a good process for identifying and reporting activity deemed reportable. Your BSA/AML audit should include a look at how suspicious activity is identified and documented. Many credit unions use an automated system to assist with monitoring activity. If so, we recommend the system be validated on a periodic basis to help ensure it is performing as you expected, and that it is effective in identifying suspicious activity.
2. Consumer Financial Protection
The NCUA has been rotating regulatory compliance requirements each year. Those chosen are based on trends in the industry, member complaints, and changes in regulations. This year’s focus is on regulations centered around consumer protection.
a. Electronic Fund Transfer Act (Regulation E)
Expect an evaluation of the credit union’s policies and procedures to ensure compliance with Regulation E, including communication of disclosures and error resolution. Implementing a formal tracking for error resolution will manage compliance with the timing requirements set by Regulation E.
b. Fair Credit Reporting Act (FCRA)
Expect an evaluation of credit reporting policies and procedures, and potentially a review of accuracy of reporting to consumer reporting agencies, specifically the first delinquency. Remember, even if you rely on a third party, such as your core processor, to report on your behalf, the responsibility and reputation risk lies with the credit union. Review Appendix A to Part 660 regarding Interagency Guidelines Concerning the Accuracy and Integrity of Information Furnished to Consumer Reporting Agencies, to ensure the credit union has considered the guidelines when establishing and implementing policies and procedures.
c. Gramm-Leach Bliley (GLBA, aka Privacy Act)
Assessment of the credit union’s protection of the consumer’s non-public personal information will receive attention. If not being audited individually, it is recommended that management ensure compliance with GLBA is incorporated into any IT audits conducted.
d. Small Dollar Lending (Payday Alternative Lending)
If your credit union originates small payday alternative loans, expect compliance with the NCUA Payday Alternative Lending rules to be examined. The rules were updated in December 2019 to allow for more flexibility for federal credit unions. The new limits include allowing credit unions to originate payday loans up to $2,000 per borrower, with payback periods between 1 to 12 months and rates 1000 basis points above the usury ceiling established by the Board under the NCUA’s general lending rule. The current usury ceiling is 18 percent inclusive of all finance charges. To help ensure compliance, be sure to include these loan types in any compliance audit scopes.
e. Truth in Lending Act (Regulation Z)
The focus for examiners will be on annual percentage rates (APRs) and late charges. The credit union should ensure that the note agreements and disclosures are consistent with how loan principal, interest, fees and other charges are applied. The disclosure of finance charges and APRs may also be examined for accuracy.
f. Military Lending Act (MLA) and Servicemembers Civil Relief Act (SCRA)
These Acts have been on the NCUA priorities list for the past couple of years, if your credit union has not received a recent review of compliance, expect one to come. Consider including an evaluation of the credit union’s current practices to ensure compliance with the Acts.
3. Credit Risk
Though examiners typically include credit risk management as part of the exam, in the upcoming year, they will emphasize on underwriting standards and procedures. Examiners will verify if the credit union is properly analyzing the borrower’s ability to meet debt service requirements without relying on the value of the collateral.
4. Concentrations of Credit
Examiners will continue to review for concentration risk exposure and will be expanding their examination procedures for credit unions with higher concentrations of specific loan types, including participation loans, commercial loans, indirect loans and residential real estate loans. Most credit unions have a concentration policy; however, it is worth revisiting the NCUA Letter to Credit Unions 10-CU-03 to help ensure your current policies and procedures are capturing and responding to key risks.
5. Current Expected Credit Losses (CECL)
Though the CECL implementation date has been delayed another year, examiners will be evaluating the Credit Union’s readiness for this accounting change. Credit Unions should be evaluating the methodologies, gathering data, researching vendor models and running parallel models to help prepare for the effective date effective for year ends beginning after December 15, 2022.
6. Information Systems and Assurance (Cybersecurity)
In 2018, the NCUA began using the Automated Cybersecurity Examination Tool (ACET) to assess the maturity of the credit union’s cybersecurity program. In 2020 an updated client/server version of the ACET is being deployed which will allow credit unions to complete self-assessments. The NCUA started the maturity assessments with credit unions of $1 billion in assets or more, then moved to those between $250 million and $1 billion. In 2020 the NCUA will continue completing those assessments, moving on to credit unions between $100 million and $250 million. The NCUA expects the initial maturity assessment cycle to be completed in 2021, and with the assessments being refreshed every 4 years. In addition to the ACET, the NCUA will be piloting new procedures to evaluate critical security controls during the examinations between maturity assessments. We recommend credit unions consider reviewing cybersecurity and IT audit procedures to ensure that critical controls are independently evaluated and tested.
7. LIBOR Cessation Planning
As a result of LIBOR not being available beyond 2021, credit unions must have a plan to transition any products, whether offered, owned, or counterparties to, to an alternative rate. The examiners will conduct reviews using the NCUA’s LIBOR Assessment Workbook to help identify all LIBOR related transactions and the credit union’s relative response to the discontinuation of LIBOR. Credit unions should develop a plan to manage the transition from LIBOR and communicate such to the Board of Directors. In addition, credit unions should assess its LIBOR exposure for their various loan products, determine an alternative index, review existing and new contracts to determine whether they contain appropriate fallback language in the event of LIBOR cessation (i.e., language that clearly states which rate(s) should be used in the event that LIBOR is no longer available), determine strategy to amend contracts where current fallback provisions are inadequate, assess accounting and tax implication of the index change, and develop a communication plan within the organization as well as with members and counterparties.
8. Liquidity Risk
Examiners will be focusing on the management of liquidity risk for credit unions exhibiting lower levels of on-balance sheet liquidity. The evaluation will include the following; effects of changing interest rates on the market values of assets and borrowing capacity; scenario analysis for liquidity risk modeling, including member share migrations, changes in cash flow projections for various factors, such as changing prepayment speeds; and appropriateness of contingency funding plans to address liquidity shortfalls. Guidance on what examiners will be looking for as well as resources to help develop a strong liquidity risk management program can be found on the NCUA’s online Examiners Guide.
Though a long list of focus areas for examiners, they are all areas that each credit union should regularly focus on to maintain a healthy credit union. Giving attention to these areas prior to the examiners’ arrival should help with the best exam possible.
Please feel free to contact Alison Herrick firstname.lastname@example.org with any questions or assistance you may need. Wipfli helps credit unions with solutions such as regulatory compliance, profit improvement, risk management, strategic planning/board development, IT services/cybersecurity, HR consulting, and audit services.