Supervisory spotlight

Each year, NCUA issues supervisory priorities outlining primary areas of focus to assist credit unions in preparing for their exams.

Exam activities focus on the areas that pose the highest risk to credit unions, members, and the National Credit Union Share Insurance Fund.

This year, the agency highlights risks surrounding interest rates, liquidity, and credit, as well as fraud prevention and detection, information security, and consumer financial protection. This year’s list of six core areas, outlined in NCUA Letter to Credit Unions 23-CU-01, presents a noticeable decrease from last year’s 11 core areas.

Interest rate risk

This priority isn’t surprising due to high share growth during the pandemic.

Interest rate risk refers to the current and prospective risk to a credit union’s capital and earnings from movements in interest rates. The risk arises because interest rates can vary significantly over time, and credit union business typically involves activities that produce exposure to maturity or rate mismatch.

In September 2022, NCUA revised its interest rate risk supervisory framework. Review NCUA Letter to Credit Unions 22-CU-09 to understand why and how the agency has updated its approach to supervising this risk.

Effective risk management programs include comprehensive interest rate risk policies, appropriate and identifiable risk limits, clearly defined risk mitigation strategies, and a suitable governance framework. Credit unions should continue to model and manage interest rate risk using a broad range of scenarios with various prepayment speed and yield curve assumptions.

Liquidity risk

Liquidity is a credit union’s capacity to meet its cash and collateral obligations at a reasonable cost.

Situations that can increase liquidity risk include mismatches between sources and uses of funds, market constraints on the ability to convert assets into cash or to access sources of funds, and contingent liquidity events.

Higher interest rates have caused a slowdown in prepayments for some loans and investment holdings, resulting in reduced cash flows. Many credit unions face potential problems with their liquidity because they’re saddled with portfolios full of low-yielding loans but face competitive pressure to increase deposit rates.

Examiners will review your credit union’s liquidity policies, procedures, and risk limits. In looking at a credit union’s liquidity risk management framework, examiners will also evaluate the adequacy of it relative to your credit union’s size, complexity, and risk profile.

Examiners will assess scenario analysis for liquidity risk modeling, including possible member share migrations, and they’ll assess scenario analysis for changes in cash flow projections for an appropriate range of relevant factors.

Credit risk management

This entails managing the risk of default on expected repayments of loans or investments.

High inflation and rising interest rates are putting financial pressure on members that could result in higher loan payments and affect borrowers’ ability to repay outstanding debt.

Credit unions are at increased risk considering that loan portfolios grew roughly 25% from 2019 to mid-year 2022. This growth happened at a time of unprecedented collateral valuation in homes, vehicles, and other assets.

NCUA examiners will review the soundness of existing lending programs, adjustments your credit union made to loan underwriting standards and portfolio monitoring practices, and loan workout strategies for borrowers facing financial hardships. They’ll also examine whether these efforts were reasonable and conducted with proper controls and management oversight.

Credit unions should implement appropriate written policies and internal controls to determine how they offer such accommodations and how they report these to credit bureaus.

Information security/cybersecurity

Geopolitical issues continue to elevate cybersecurity risks. This is a top-tier risk under the agency’s enterprise risk management program.

Examiners will evaluate whether credit unions have established adequate information security programs to protect members and the credit union. To strengthen the examination process for cybersecurity, NCUA developed and tested updated information security examination procedures tailored to institutions of varying size and complexity.

Credit unions may conduct voluntary cybersecurity self-assessments using NCUA’s Automated Cybersecurity Evaluation Toolbox. This is a free, downloadable, stand-alone application that can help determine credit unions’ risks and controls. The tool works in coordination with an information security examination.

NEXT: Fraud prevention and detection

Fraud prevention and detection

Fraud is on the rise, and NCUA has been looking at fraud risk in a variety of contexts for years. The Federal Trade Commission warned that reports of consumer fraud increased 70% between 2021 and 2022, and fraud remains an expensive problem for financial institutions.

When examiners look at fraud, they consider potential insider and external threats.

NCUA will review internal controls and look for evidence of separation of duties to detect and deter internal fraud, especially related to off-site postures. The agency introduced a new questionnaire via MERIT to help examiners scope their exams by identifying red flags signaling new and existing fraud risks.

For state-chartered credit unions, federal and state examiners will coordinate so the questionnaire isn’t submitted twice.

Credit unions should review and assess their fraud controls for effectiveness, and implement necessary adjustments or new controls.

Consumer financial protection

In his November 2022 testimony before the House Financial Services Committee, NCUA Chairman Todd Harper stated that consumer financial protection is a priority that’s as important as safety and soundness.

Examiners will perform a risk-focused assessment of your compliance with consumer financial protection laws and regulations based on your credit union’s products and services.

NCUA includes reviews of overdraft programs as a supervisory priority. In particular, the agency focuses on the use of overdraft protection programs, and the safety and soundness issues that can occur with overreliance on these programs.

Examiners will request information about overdraft policies and procedures, and audits of these programs. Audits focus on monitoring tools, the auditing process for these programs, website advertising, balance recalculation methods, settlement processes and communications provided to members about the programs, and statements and disclosures related to Payday Alternative Loans II (PALS II).

To prepare, review whether you amended your overdraft program, and how and when you communicated the changes to members in a “clear and conspicuous” way. Confirm that members easily understand when and how often their limit will change or if other fees will apply. Determine if some members or groups of members pay disproportionate overdraft fees.

Examiners will look to see if the credit union follows Flood Disaster Protection Act requirements, including disclosures. In May 2022, NCUA and the federal banking agencies issued revised federal flood insurance FAQs. These FAQs reflect significant changes to federal flood insurance requirements.

For the Truth in Lending Act, credit unions with high auto loan growth—more than 30% from September 2021 to September 2022—can expect examiners to review auto lending requirements and compliance disclosures. Make sure your auto lending policies, procedures, and disclosures are accurate, up to date, and effective.

For the Fair Credit Reporting Act (FCRA), NCUA examiners will look at your credit reporting protections related to furnishing adverse action notices, risk-based pricing, and consumer rights disclosures. Do your members know what to do if their credit report is wrong?

Review your FCRA policies and procedures, and pay special attention to high-risk areas.

Examination for fair lending will include a review of policies and practices for steering and loan pricing discrimination risk factors: Do loan officers have financial incentives? Does the credit union have clear criteria for steering members to products? Are policies and procedures in place to evaluate the consistency, fairness, and accuracy of residential real estate appraisals the credit union obtains?

Past exams considered Equal Credit Opportunity Act violations related to marital status and age. Make sure your lending compliance policies and procedures related to marital status and age are up to date and compliant, and that staff are trained to follow them. Review NCUA Letter to Credit Unions 22-CU-04 from February 2022.

Other updates

Other information NCUA included in its supervisory priorities address current expected credit losses (CECL) implementation, succession planning, support for small credit unions and minority deposit institutions (MDI), and the post-examination survey.

For CECL, examiners will review the adequacy of your credit union’s allowance for credit losses (ACL) policies and procedures, ACL reserving methodology documentation, and adherence to generally accepted accounting principles.

NCUA Letter to Credit Unions 22-CU-02 lists a variety of resources about CECL, including Financial Accounting Standards Board FAQs.

NCUA also is interested in credit unions’ approach to succession planning. Examiners may request  information about your approach to succession planning to assess the needs of the industry as a whole.

The agency will continue its small credit union and MDI support program, implemented in 2022 to support and preserve these credit unions. This program continues to identify resources, provide training and guidance, and support the management of small credit unions.

In September 2021, NCUA initiated a successful post-examination survey pilot to gather feedback on examinations. It will implement a revised post-examination survey this year to continue obtaining feedback. It also indicated credit unions can record their exit conferences with examiners. This can provide helpful institutional knowledge, particularly if there’s a change in executive leadership.

NCUA examinations will continue with on-site/off-site supervision activities as appropriate. The extended examination cycle continues in 2023, as do the risk-focused and small credit union examination programs.

NCUA’s budget for 2023 allows for 18 new positions. They include specialized examination and analytics staff both in the field and in headquarters. They’re dedicated to areas of emerging complexity and risk in the credit union system, and to support off-site examination work and the use of data analytics through the virtual examination project.

The budget also includes staff for continued enhancements to NCUA’s fair lending program.

PATRICIA O’CONNELL is lead compliance counsel at Credit Union National Association. Contact CUNA’s compliance team at cuna.org/compliance.