The National Credit Union Administration’s Supervisory Priorities for 2018 remain consistent with 2017 with an emphasis on controlling risks.
The agency plans to fully implement its extended exam cycle in 2018. Well-rated credit unions with less than $50 million in assets will continue with streamlined exam procedures while the rest will undergo risk-focused examinations.
Other priorities include:
The agency will implement the Automated Cybersecurity Examination Tool (ACET) this year, which aligns with the FFIEC Cybersecurity Assessment Tool. The ACET will be used during exams at credit unions with over $1 billion in assets and tested for scalability at smaller institutions. The NCUA encourages credit unions to self-assess cybersecurity with the FFIEC tool.
Bank Secrecy Act.
BSA remains a high priority. In the second half of the year, examiners will include the Customer Due Diligence regulations for Financial Institutions (31 CFR 1010.230) in exams. Last year the agency focused on money services businesses (MSB).
Internal controls and fraud protection.
This remains a top concern.
Interest rate and liquidity risk.
Some credit unions will be examined under the NCUA’s revised interest rate risk supervisory tool and examination procedures to assess interest rate risk management practice for the first time since its implementation in January 2017. On-balance-sheet liquidity is causing examiners to increase their focus on liquidity risk management practices.
A new priority for 2018, lenders with “material exposure to higher risk forms of lending” can expect additional scrutiny. This includes portfolios heavy on extended loan maturities over seven years, high loan-to-value, near-prime or subprime and indirect lending programs.
Policies and procedures for commercial loans and risk management processes will draw examiner attention to ensure they are appropriate.
The agency will be watching to make sure new Home Mortgage Disclosure Act (HMDA) data collection and reporting requirements are met though it doesn’t plan to cite credit unions for data errors as long as a good faith effort was made. Beginning in the second quarter, it will review quarterly Loan/Application Registers (LAR) as needed. Its main goal will be to identify weaknesses.
The agency will also be evaluating compliance with the Military Lending Act’s contract term restrictions and credit card provisions.
Check out Ncyber, our online FFIEC cybersecurity assessment tool.