The NCUA recently published its annual list of supervisory priorities for the upcoming exam cycle in the Letter to Credit Unions 19-CU-01. This year’s letter brought a list of items that were expected and are on the forefront of focus and concern among our clients as well as examiners. To help you prepare, here is a list of those focus areas and some thoughts and recommendations:
- Bank Secrecy Act Compliance. Make sure your upcoming BSA audit scope includes a review of the member due diligence process and identification and verification of beneficial owner(s) of legal entity members. Knowing your member is a major focus and an important aspect in complying with the BSA/OFAC requirements. Also, if an anti-money laundering system is used for suspicious activity monitoring and the due diligence process, we recommend that the system be reviewed and validated on a periodic basis to help ensure it is being used effectively.
- Concentrations of Credit. Most credit unions have a concentration policy; however, it is worth revisiting the NCUA Letter to Credit Unions 10-CU-03 to help ensure your current policies and procedures are capturing key risks and your concentrations are appropriately monitored. If your credit union doesn’t have a policy, one should be considered. Concentrations could include loans with similar collateral types loan terms, business loans, participation loans in a specific geographic area, and loans to one borrower or group of borrowers. Concentrations should also be considered when conducting strategic planning, considering a merger, making loan purchases, and developing new products.
- Consumer Compliance. This year’s focus is on the Home Mortgage Disclosure Act, so it is important that your credit union review your processes for compliance with the regulation, including your new data points and exemption determination. We recommend continuous review of the Loan/Application Register (LAR) throughout the year. This will help ensure that information is pulling in correctly and reduce the last-minute clean-up before year-end filing. Remember, the regulation does require that the LAR be updated 30 days following the end of each quarter. Examiners will also continue to focus on Military Lending Act compliance, adverse action notices for compliance with Regulation B, and compliance with Regulation E. With the continued changes and scrutiny on regulations, it is important that your credit union maintain a strong compliance management program including policies and procedures, training, and compliance audits of the various regulations. The overall compliance management program should also be reviewed on a periodic basis.
- Current Expected Credit Losses (CECL). Though the CECL implementation date has been delayed another year, effective for year-ends beginning after December 15, 2021, examiners will be evaluating your credit union’s readiness for this accounting change. All credit unions should be evaluating the methodologies, gathering data, researching vendor models, and running parallel models to help prepare for the effective date.
- Information Systems and Assurance. Your credit union should be assessing the maturity of the IT environment using the Automated Cybersecurity Examination Toolbox (ACET) to help strengthen the IT program. This can be done using your credit union’s in-house resources, or it can be outsourced. Your credit union should also be evaluating the IT audit schedule and scope to ensure that IT risks are being mitigated and audited on a regular basis.
- Liquidity and Interest Rate Risks. Your credit union should have an asset liability management program in place to help identify and monitor liquidity and interest rate risk. Management should incorporate asset liability management methodologies into strategic planning using the models to run “what if” scenarios. It is also recommended that policies, processes, and asset liability management models be reviewed internally, as well as audited and validated on a regular basis.
For more information regarding preparing for your next NCUA exam, please contact your Wipfli relationship executive or Alison Herrick at firstname.lastname@example.org.