After two years of nearly identical priorities, the National Credit Union Administration (NCUA) has made a few adjustments to its Supervisory Priorities for 2019, all of which emphasize controlling risks, including a new focus on third-party risk management.
Gone from the list are internal controls and fraud protection, automobile lending, and commercial lending. Additions include credit concentration and CECL.
Read on to find out more:
Bank Secrecy Act Compliance
BSA is listed as first priority, surpassing cybersecurity, which reigned supreme last year. Examiners will engage in “more in-depth reviews” of credit unions’ BSA/AML policies, procedures, and processes to determine compliance with the new customer due diligence regulations that took effect last year.
Concentrations of Credit
New to the list is concentration risk. The NCUA plans to focus on uncovering excessive levels of loan product concentration risk and helping management identify mitigation strategies.
Consumer compliance rises from last to third on the list this year. The agency will continue efforts begun in 2018 to evaluate credit unions’ good faith efforts to comply with 2018 HMDA data collection and reporting requirements and Military Lending Act (MLA) compliance. Compliance with Reg B’s notification requirements after adverse action on consumer credit applications and Reg E’s overdraft protections via policy and procedures will be a new priority.
Current Expected Credit Losses (CECL)
New to the list, the NCUA will be looking to see what credit unions have done to prepare for CECL and the potential impact on the Allowance for Loan and Lease Losses funding needs. The new method for estimated allowances for credit losses will take effect January 1, 2022 for most credit unions.
Information Systems & Assurance (aka Cybersecurity)
In 2018, the NCUA implemented the Automated Cybersecurity Examination Tool (ACET), which aligns with the FFIEC Cybersecurity Assessment Tool. In 2019, examiners will use the tool to assess credit unions with over $250 million in assets that haven’t previously been assessed. Data “security, confidentiality, and integrity” remains a top priority.
After reviewing ACET results to data and historical data, the NCUA has added to other areas of focus:
- Assessment of credit union IT risk management to ensure it effectively identifies, remediates, and controls inherent risks to appropriate residual risk levels.
- Oversight of service provider arrangements to ensure credit unions implement effective risk-based supply chain management (aka third-party risk management).
Interest Rate and Liquidity Risk
Projected economic fluctuations and the increased challenges of retaining low-cost core deposits in a rising rate environment have made interest rate and liquidity risk an area of increased emphasis. Examiners will assess:
- The potential effects of rising interest rates on the market value of assets that affect changes to net worth and borrowing capacity;
- Member preference shifts to shares with more market sensitivity; and
- Credit union management’s ability to meet liquidity needs given the increased competitive pressures that affect share balances.