Amanda Parkhill, deputy director at NCUA’s office of examination and insurance, explained how the threat of a recession and continued economic challenges will affect key risk factors in early 2023 during CUNA’s 2022 Supervisory Committee and Internal Audit Conference in Las Vegas.

Among the risks the agency is watching:

Interest rate risk. This remains a supervisory priority for NCUA, Parkhill says. “Credit union management teams must continue to monitor interest rate risk exposure relative to capital, as well as the impact to asset quality, earnings, and liquidity,” she says.

NCUA recognizes concern among credit unions about how the agency will supervise interest rate risk during difficult financial times, Parkhill says. To that end, the NCUA has made moves to allow credit unions to evaluate risk on a case-by-case basis.

Liquidity risk. Not since the 1980s has the Federal Reserve waged such a fierce campaign against inflation, and even during a period of economic slowdown, the Fed is likely to keep rates high, she says.

“This creates an environment where many credit unions leaders will have to manage liquidity shortages,” Parkhill says. “Credit unions have, historically, had long periods of sufficient liquidity. So it will require staff to adjust to market conditions.”

Credit risk. Credit union loan portfolios are at increased risk considering that loan portfolios grew by roughly 25% from 2019 to midyear 2022, she says.

“Much of that increased loan growth occurred during a time of unprecedented collateral valuation,” Parkhill says. “The increased prices aren’t just in homes but in vehicles and other assets as well.”

Continued inflation puts pressure on consumers’ ability to repay their debts, she notes. “Consumers have less income to pay their debts when the cost of living increases. When people live paycheck to paycheck, this can be the difference between making a loan payment and paying for basic necessities.”

Cybersecurity risk. Geopolitical issues continue to elevate cybersecurity risks, as credit unions’ risk exposure continues to change dynamically. “Risk management must be continuous to guard against cyberthreats,” Parkhill says.

In July, NCUA approved a proposed rule that would require credit unions to notify the NCUA no later than 72 hours after they reasonably believe a reportable cyber incident has occurred.

The agency has also developed the Automated Cybersecurity Evaluation Toolbox, a free resource that contains cybersecurity assessment tools to determine credit unions’ risks and controls.

“When credit unions participate in these programs,” she says, “they keep other credit unions and consumers safe from cyberattacks.”