What priorities will examiners focus on this year? NCUA provides a glimpse in its Letter to Credit Unions No. 15-CU-01—“Supervisory Priorities for 2015.”
Even though not listed among this year’s priorities, examiners, of course, will always expect to find the fundamentals: good loan portfolios, sound asset-liability management, and solid financial statements. Beyond the fundamentals, NCUA says examiners will focus “on the areas of highest risk in the credit union system, and compliance with new regulations.”
NCUA redoubles cybersecurity efforts
In 2014, the Federal Financial Institutions Examination Council (FFIEC)— an interagency group composed of NCUA, the three federal banking agencies, and the Consumer Financial Protection Bureau (CFPB)—conducted special cybersecurity assessments of about 500 institutions, and found many banks and credit unions aren’t taking adequate actions to protect data and recover from intrusions.
NCUA says examiners “will focus on proactive measures that credit unions can take to protect their data and their members.” The agency emphasizes that, regardless of size, all credit unions must be concerned about cybersecurity.
NCUA “will redouble efforts to ensure” credit unions have a comprehensive information security policy, and implement that policy by:
The agency also will focus on a credit union’s ability to recover from a security breach. CUNA is pleased that the Obama administration calls for federal legislation to require merchants to have some data breach response standards. But the NCUA standards (in Appendix B of Section 748) for credit unions are much more stringent than anything yet proposed for merchants.
Expect the FFIEC to release more information this year about ways to improve cybersecurity. NCUA hosts a cybersecurity resource center that includes all interagency guidance.
Interest rate risk concerns
Although it’s second on NCUA’s 2015 list, rest assured interest rate risk (IRR) remains a top-tier issue. As NCUA states, “Exposure to IRR remains a primary concern for all federal financial institution regulators, due to continued uncertainty about monetary policy and the direction of short-term interest rates.”
Since interest rates have nowhere to go but up, and no one knows when that will happen, examiners will continue to press credit unions about how they will—and can—respond to rising interest rates. NCUA says it will continue to use the guidance it issued in 2012 requiring federally insured credit unions with $50 million or more in assets to have effective IRR management programs. NCUA hosts an IRR resources Web page containing this guidance and other information.
Expect more IRR regulations, but not before 2016. When NCUA issued its original risk-based capital (RBC) proposal in early 2014, it attempted to factor interest rate risks into its risk-weighting system. The agency is concerned about the increased weighted average maturity of investments, the influx of nonmaturity shares, and fixed-rate real estate loans. The credit union system strenuously objected to the agency’s approach, and NCUA deleted IRR factors when it reissued for comment a new RBC proposal in January, saying that any risk-weightings eventually assigned under RBC would incorporate only credit risk and concentration risk.
But in the supplemental information accompanying RBC2, the agency says it “has concluded that NCUA’s current regulations and supervisory process alone cannot adequately address IRR.” So, as part of the comment process (which closes April 27), NCUA asks credit unions for alternative risk measurement approaches.