NCUA laid out its 2018 supervisory priorities in its annual Letter to Credit Unions No. 17-CU-09 to kick off the year. Not surprisingly, cybersecurity, Bank Secrecy Act (BSA) compliance, and internal controls and fraud prevention top the list.
NCUA also noted that, after implementing its extended examination cycle in 2017, it expects to fully implement the new cycle by the end of 2018.
As outlined in Letter to Credit Unions No. 16-CU-12 last year, a federal credit union is eligible for the extended examination cycle if it meets all the following criteria:
Examinations for federal credit unions eligible for an extended cycle will begin between 14 and 20 months from the prior examination completion date. Examinations for all other federal credit unions will begin between eight and 12 months from the prior examination completion date.
In 2018, examiners will use the streamlined small credit union exam program procedures for credit unions with assets up to $50 million and CAMEL ratings of 1, 2, or 3.
For all other credit unions, examiners will conduct risk-focused examinations, concentrating on high-risk areas, new products and services, and compliance with federal regulations.
NCUA will implement the Automated Cybersecurity Examination Tool (ACET) to improve and standardize supervision related to cybersecurity.
The ACET provides the agency with a repeatable, measurable, and transparent process for assessing the level of cyber-preparedness across federally insured institutions.
It incorporates appropriate standards and practices established for financial institutions, and aligns with the Cybersecurity Assessment Tool developed by the Federal Financial Institutions Examination Council for voluntary use by banks and credit unions.
NCUA encourages credit unions to continue to self-assess their cybersecurity and risk management practices using the Cybersecurity Assessment Tool if they don’t have an alternative assessment method.
NCUA will begin using the ACET for exams of credit unions with more than $1 billion in assets. The agency can then create a baseline for the cybersecurity maturity level of the largest and most complex institutions, while it continues to test and refine the ACET through 2018 to ensure it scales properly for smaller, less complex institutions.
NCUA remains vigilant in ensuring the credit union system isn’t used to launder money or finance criminal or terrorist activity.
Examiners are required to review credit unions’ compliance with the BSA and complete the related examination questionnaire at every examination.
The Customer Due Diligence (CDD) regulations for financial institutions become effective May 11.
Examiners will assess compliance with this new regulation in the second half of 2018.
Internal controls and fraud prevention
Credit union safety and soundness includes establishing a strong system of internal controls and a comprehensive approach to managing fraud risk.
Examiners will continue to evaluate the adequacy of credit union internal controls, as well as overall efforts to prevent and detect fraud.
Interest rate and liquidity risk
On Jan. 1, 2017, examiners began using a revised interest rate risk supervisory tool and examination procedures to assess interest rate risk management practices in credit unions.
Because NCUA didn’t examine all credit unions in 2017, it will examine some credit unions under the new procedures for the first time in 2018.
NCUA revised its interest rate risk supervision process, given the potential impact of interest rate risk on the credit union system and the National Credit Union Share Insurance Fund.
NCUA developed these new procedures after extensive staff research, analysis, vetting, and testing over the past two years. Stakeholders included credit unions, state regulators, external service providers, and NCUA staff.
Key changes to NCUA’s interest rate risk supervision include:
NCUA designed these interest rate risk supervision changes to increase its efficiency and effectiveness, and to focus resources toward higher-risk credit unions while reducing the scope, attention, and time for lower-risk credit unions.
The new procedures also should provide greater consistency in the identification and application of risk assessment across the system, according to NCUA.
Examiners also will increase their focus on liquidity risk management practices, given the emerging trends related to on-balance-sheet liquidity.
More information is available in last year’s Letter to Credit Unions No. 16-CU-08, which contains a fact sheet about interest rate risk supervision, the revised Examiner’s Guide, the Interest Rate Risk Review Procedures Workbook, and a guide to using the workbook.
NEXT: Auto lending