NCUA sees progress toward adding ‘S’ to ‘CAMEL,’ OIG report shows

A new examination component evaluating market risk sensitivity is expected, according to indications by management, to move closer to being included in the federal credit union regulator’s examination system in 2021, according to the agency inspector general’s latest semiannual report to Congress.

The report, covering National Credit Union Administration (NCUA) activities from April 1 to Sept. 30, shows that the addition of this component – S, which will turn the CAMEL rating system into CAMELS – will require revision to the liquidity component (L) to only include liquidity content and criteria, not interest-rate risk.

“Management indicated that adopting the ‘S’ (Market Sensitivity) for the CAMEL rating system involves public notice and comment, NCUA Board approval, and cohering regulation, examination procedures, and system changes,” the report states. “As part of the Enterprise Solutions Modernization program, NCUA is updating the examination platform to incorporate the ability to assign and capture the ‘S’ component as an optional part of the CAMEL rating. Management indicated they expect to have this system change in place in 2021. Management also noted that this will provide the agency the flexibility to adopt the ‘S’ rating if the Board so chooses, and to capture the ‘S’ rating for federally insured state-chartered credit unions in the states where the state regulators adopted the ‘S’ rating.”

These two changes, adding a component for market sensitive and revising the liquidity component in the CAMEL system, have been on the outstanding recommendations list since November 2015. The changes are being made in conjunction with the agency’s Enterprise Solutions Modernization (ESM) program, which includes an update to the examination platform.

The other recommendation still outstanding in this report – that the agency go to Congress and work out a way to give the NCUA more authority over credit unions’ third-party vendors so it can better manage cybersecurity risk – will be pursued “after recovery from the COVID-19 pandemic,” the report states.

The NCUA listed four audits underway focusing on the agency’s processing of consumer complaints; its governance of information technology (IT) initiatives (specifically, its process for identifying, controlling, prioritizing, and implementing IT initiatives across the agency); and the agency’s 2020 financial statements. The fourth is the audit report on compliance with the Federal Information Security Modernization Act of 2014, which was issued last month.

NCUA Semiannual Report to Congress (April 1–September 30, 2020)