Credit union regulator’s priorities in New Year lead with AML/BSA, consumer financial protection, cybersecurity

Anti-money laundering (AML) and Bank Secrecy Act (BSA) compliance, consumer financial protection and cybersecurity are at the top of the list for the supervisory priorities of the federal credit union regulator in 2020, the agency announced Tuesday.

In outlining its supervisory priorities for the new year, National Credit Union Administration (NCUA) Board Chairman Rodney Hood said the agency’s commitment to safety and soundness, and protection of the federal savings insurance program for credit unions (the National Credit Union Share Insurance Fund [NCUSIF]), “is the foundation for everything we do.”

Among the details of the priorities listed by NCUA:

  • Bank Secrecy Act and anti-money-laundering compliance: The agency said its examiners conduct a BSA/AML review during every examination and take appropriate action, when necessary, to ensure credit unions meet their obligations. Of specific emphasis, the agency said, would be customer due diligence and beneficial ownership requirements that became effective May 11, 2018. The agency also indicated it would continue to focus on proper filing of suspicious activity and currency transaction reports (SARs and CTRs). “Filing timely and informative SARs and CTRs provides law enforcement, intelligence, and counter-terrorism officials with vital information,” the agency stated.
  • Consumer financial protection: While the agency examines for compliance with all consumer financial protection rules, it said it rotates specific regulations to ensure broad coverage over a multi-year period. In 2020, NCUA said, examiners are required, at a minimum, to review compliance with: Electronic Fund Transfer Act (Regulation E), including the rule’s error resolution procedures; Fair Credit Reporting Act (FCRA), including review of credit reporting policies and procedures, as well as accuracy of reporting to credit bureaus, particularly the date of first delinquency; Gramm-Leach-Bliley (Privacy Act), to evaluate credit union protection of non-public personal information about consumers; small dollar lending (including payday alternative lending), including compliance with NCUA payday alternative lending (PAL) rules and interest rate cap, as well as whether a credit union’s non-PAL short-term, small-dollar loan programs comply with regulatory requirements; Truth in Lending Act (Regulation Z) to evaluate credit union practices concerning annual percentage rates and late charges and whether credit unions appropriately levy late fees, and are accurately disclosing finance charges and annual percentage rates; Military Lending Act (MLA) and Servicemembers Civil Relief Act (SCRA), including review of credit unions that have not received a recent exam for compliance with the rules.
  • Cybersecurity: The agency’s new security review program “Automated Cybersecurity Examination Tool (ACET)” will be “fully deployed” in 2020, according to the agency, allowing credit unions to complete self-assessments through access to the new program on the agency’s website early this year. In addition, the agency said it will be piloting new procedures in 2020 to “evaluate critical security controls during examinations between maturity assessments,” with the critical security controls reviews scaled to the size and risk profile of the institution.

Other priorities for the agency’s examiners are:

  • Credit risk and liquidity risk: Examiners will place emphasis on the review of the credit union’s loan underwriting standards and procedures, working to verify if credit unions properly analyzed the ability of borrowers to meet debt service requirements without undue reliance on the value of any collateral. NCUA said its examiners will continue to review concentration risk exposure during each examination, but noted it is implementing in 2020 enhanced examination procedures, including supervisor concurrence and additional quality controls, for credit unions with very high concentrations in specific loan types. On liquidity risk, in 2020 examiners will review credit union liquidity management and planning. In particular, for credit unions with low levels of on-balance-sheet liquidity, examiners will assess liquidity management by evaluating potential effects of changing interest rates on the market value of assets and borrowing capacity; scenario analysis for liquidity risk modeling; scenario analysis for changes in cash flow projections for an appropriate range of relevant factors (for example, changing prepayment speeds); and “appropriateness of contingency funding plans to address any potential liquidity shortfalls.”
  • Current expected credit losses (CECL) accounting standard: Despite the additional delay (to 2023) for credit unions to comply with the Financial Accounting Standards Board’s standard, NCUA said its examiners will continue to discuss with credit union management their plans to implement CECL.
  • LIBOR (London Interbank Offered Rate, or LIBOR) interest rate benchmark transition: Examiners will assess credit unions’ exposure and planning related to the discontinuance of LIBOR after 2021, including identification of all LIBOR-related transactions including both on- and off-balance-sheet exposures (number of transactions and balance amounts); and planning, governance, senior executive engagement, budgeting, accounting, and addressment of other impacts related to the transition and discontinuance of LIBOR

The agency also stated in the letter that its new examination platform, the Modern Examination and Risk Identification Tool (MERIT), will be released to all examination staff in the second half of 2020. Credit unions will also be users of MERIT, NCUA said, and will have the ability to perform certain activities in the tool, such as transferring documents and files needed for the examination securely; providing status updates and requesting due date changes on corrective actions; and accessing completed examination reports securely.

NCUA 2020 Supervisory Priorities