Each year, NCUA issues supervisory priorities outlining primary areas of focus to assist credit unions in preparing for their exams.

Exam activities focus on the areas that pose the highest risk to credit unions, members, and the National Credit Union Share Insurance Fund.

This year, the agency highlights risks surrounding interest rates, liquidity, and credit, as well as fraud prevention and detection, information security, and consumer financial protection. This year’s list of six core areas, outlined in NCUA Letter to Credit Unions 23-CU-01, presents a noticeable decrease from last year’s 11 core areas.

Interest rate risk

This priority isn’t surprising due to high share growth during the pandemic.

Interest rate risk refers to the current and prospective risk to a credit union’s capital and earnings from movements in interest rates. The risk arises because interest rates can vary significantly over time, and credit union business typically involves activities that produce exposure to maturity or rate mismatch.

In September 2022, NCUA revised its interest rate risk supervisory framework. Review NCUA Letter to Credit Unions 22-CU-09 to understand why and how the agency has updated its approach to supervising this risk.

Effective risk management programs include comprehensive interest rate risk policies, appropriate and identifiable risk limits, clearly defined risk mitigation strategies, and a suitable governance framework. Credit unions should continue to model and manage interest rate risk using a broad range of scenarios with various prepayment speed and yield curve assumptions.

Liquidity risk

Liquidity is a credit union’s capacity to meet its cash and collateral obligations at a reasonable cost.

Situations that can increase liquidity risk include mismatches between sources and uses of funds, market constraints on the ability to convert assets into cash or to access sources of funds, and contingent liquidity events.

Higher interest rates have caused a slowdown in prepayments for some loans and investment holdings, resulting in reduced cash flows. Many credit unions face potential problems with their liquidity because they’re saddled with portfolios full of low-yielding loans but face competitive pressure to increase deposit rates.

Examiners will review your credit union’s liquidity policies, procedures, and risk limits. In looking at a credit union’s liquidity risk management framework, examiners will also evaluate the adequacy of it relative to your credit union’s size, complexity, and risk profile.

Examiners will assess scenario analysis for liquidity risk modeling, including possible member share migrations, and they’ll assess scenario analysis for changes in cash flow projections for an appropriate range of relevant factors.

Credit risk management

This entails managing the risk of default on expected repayments of loans or investments.

High inflation and rising interest rates are putting financial pressure on members that could result in higher loan payments and affect borrowers’ ability to repay outstanding debt.

Credit unions are at increased risk considering that loan portfolios grew roughly 25% from 2019 to mid-year 2022. This growth happened at a time of unprecedented collateral valuation in homes, vehicles, and other assets.

NCUA examiners will review the soundness of existing lending programs, adjustments your credit union made to loan underwriting standards and portfolio monitoring practices, and loan workout strategies for borrowers facing financial hardships. They’ll also examine whether these efforts were reasonable and conducted with proper controls and management oversight.

Credit unions should implement appropriate written policies and internal controls to determine how they offer such accommodations and how they report these to credit bureaus.

Information security/cybersecurity

Geopolitical issues continue to elevate cybersecurity risks. This is a top-tier risk under the agency’s enterprise risk management program.

Examiners will evaluate whether credit unions have established adequate information security programs to protect members and the credit union. To strengthen the examination process for cybersecurity, NCUA developed and tested updated information security examination procedures tailored to institutions of varying size and complexity.

Credit unions may conduct voluntary cybersecurity self-assessments using NCUA’s Automated Cybersecurity Evaluation Toolbox. This is a free, downloadable, stand-alone application that can help determine credit unions’ risks and controls. The tool works in coordination with an information security examination.

NEXT: Fraud prevention and detection