Supervisory priorities and examination plans affecting federally insured credit unions in 2019 – including full implementation of an extended exam cycle for certain well-run institutions – are outlined in a Letter to Credit Unions issued Tuesday by the National Credit Union Administration (NCUA).
Briefly, the top supervisory priorities for the coming year at NCUA, according to Letter to Credit Unions 19-CU-01 from agency board Chairman J. Mark McWatters, include Bank Secrecy Act (BSA) compliance, credit concentrations, consumer compliance, credit unions’ preparations for the (eventual) shift to the current expected credit losses (CECL) accounting standard, information security maturity assessments (along with credit union IT risk management and oversight of credit unions’ service provider arrangements), and liquidity and interest-rate risks.
Regarding the exam process, McWatters notes that the agency’s examiners will continue in 2019 to use the streamlined, small credit union exam program for most credit unions that have less than $50 million in assets. For all others, he notes, examiners “will conduct risk-focused examinations, concentrating on the areas of highest risk, new products and services, and compliance with federal regulations.” He added that the extended exam cycle introduced in 2017 “will be fully implemented” in 2019.
The extended exam cycle is applied for credit unions that, among other things, have less than $1 billion in assets, CAMEL codes of 1 or 2 (for both the composite rating and the management component rating), and “well capitalized” designations under the agency’s prompt corrective action rules.
McWatters also says examiners will have more flexibility to perform “suitable” examination work offsite, which the agency expects will reduce the time impact on credit unions, save on travel costs and increase staff productivity. (Examiners were able to conduct as much as 35% of exam work offsite in a 2017 pilot involving a limited number of institutions, the agency notes.)
More details on supervisory focus matters include the following:
Bank Secrecy Act (BSA) Compliance: Examiners will perform more in-depth reviews of credit unions’ BSA and anti-money laundering policies, procedures, and processes to assess compliance with regulatory requirements for customer due diligence and for identifying and verifying beneficial owner(s) of legal entity members. New Customer Due Diligence regulations for Financial Institutions (31 CFR 1010.230) became effective May 11, 2018 (under the Economic Growth, Regulatory Relief and Consumer Protection Act, or EGRRCPA/S. 2155). Examiners began assessing credit unions’ efforts to comply with the new regulations during the second half of 2018.
Concentrations of Credit: Examiners will have a continued focus on large concentrations of loan products and concentrations of specific risk characteristics. Concentration risk, the letter notes, is defined as any single exposure or group of highly correlated exposures that have the potential to produce losses large enough to threaten a credit union’s health or ability to maintain its core operations. Excessive credit concentrations are a common cause of financial losses, it says.
Consumer Compliance: As in 2018, examiners will continue to perform limited reviews of Home Mortgage Disclosure Act (HMDA) quarterly loan/application registers (LARs), or full-year LARs when applicable. The reviews will evaluate federal credit unions’ good faith efforts to comply with 2018 HMDA data collection and reporting requirements and will account for the statutory partial exemptions that took effect on May 24, 2018 (under EGRRCPA).
NCUA also notes continued focus on Military Lending Act (MLA) compliance as well as Regulation B (Equal Credit Opportunity Act/ECOA) notification requirements following adverse action taken on consumer credit applications. It says examiners will also review overdraft policies and procedures for compliance with Regulation E (Electronic Fund Transfer Act/EFTA).
Current Expected Credit Losses (CECL): The agency notes that while the CECL requirements may continue to evolve in 2019, examiners will inquire about efforts a credit union has taken to prepare for them and whether it has performed analysis for how CECL would alter the allowance for loan and lease losses (ALLL) funding needs.
Information Systems and Assurance: Examiners will continue conducting information security maturity assessments with the Automated Cybersecurity Examination Toolbox (ACET) and will use ACET to assess credit unions with over $250 million in assets that have not previously received an assessment. Reviews of credit union IT risk management will assess whether it “effectively identifies, remediates, and controls inherent risks to appropriate residual risk levels.” The agency’s oversight of service provider arrangements are to ensure credit unions implement effective risk-based supply chain management.
“These areas of focus were established as a result of historical examination analysis, emerging threat trends, and sample results of ACET maturity assessments to date,” the letter says.
Liquidity and Interest Rate Risks: Examiner will assess liquidity and interest rate risk management, including potential effects of rising interest rates on the market value of assets that affect changes to net worth and borrowing capacity; member preference shifts to shares with more market sensitivity; and credit union management’s ability to meet liquidity needs given the increased competitive pressures that affect share balances.
NCUA says projected economic fluctuations in 2019 make liquidity and interest rate risks “an increased area of emphasis.” It adds, “When rates rise, it puts pressure on credit unions to raise deposit rates in order to maintain deposit account volume. Also, enhanced mobile and internet banking applications and non-bank financial technology may result in greater challenges to retain low cost core deposits compared to prior interest rate cycles.”
The letter provides links to relevant materials, including other, past Letters to CUs and the agency’s online exam guide.