Compliance Blog

On Thursday, August 12, 2021, the National Credit Union Administration (NCUA) issued Letter to Credit Unions 21-CU-08 to provide the industry with key updates on the agency’s ongoing efforts to modernize its technology. This includes some information about the move from the current AIRES system to the Modern Examination and Risk Identification Tool (MERIT). NCUA last addressed the status of some of these ongoing projects when the agency updated its supervisory priorities in July 2020, indicating that the pandemic lead to delays of the transition to MERIT which was originally expected to happen last year.

The Letter to Credit Unions addresses several initiatives:

• NCUA Connect & Admin Portal;
• Consumer Access Process and Reporting Information System, or CAPRIS, a tool for multiple common bond federal credit unions (FCUs) to request field of membership expansions replacing the 21-year old Field of Membership Internet Application (FOMIA);
• MERIT; and
• Data Exchange Application (DEXA).

NCUA will begin transitioning to these programs this month, and credit unions who want to make use of these tools will need to identify up to two individuals as “Admin Portal Administrators” who will have the responsibility for managing the CU’s users. Requests should be submitted to OneStop@ncua.gov. For multiple common bond FCUs, to use CAPRIS, the credit union should have already received information about accessing this program but if not, the agency asks the CU to reach out to CAPRISinfo@ncua.gov. CAPRIS is scheduled to begin operation today, August 16, 2021.

For MERIT and DEXA, NCUA suggests credit unions wait to seek access until the credit union is notified of its first exam using these systems, as no information specific to the credit union will be in these programs until that time. For these exam-specific systems, NCUA is adopting enhanced security measures their accounts are locked after a period of inactivity. NCUA noted that MERIT will allow examiners to securely interact with CUs. Users can expect to receive document request lists or “surveys,” which NCUA expects will improve efficiency. The surveys will be organized by risk area and the system will allow credit unions to delegate specific surveys to other CU users of  MERIT. MERIT will also allow the electronic delivery of exam reports allowing authorized staff and officials to access reports in MERIT and view/download historical reports. MERIT will also electronically track exam concerns like Documents of Resolution and Examiner findings and responses to such concerns, creating a more formal follow-up process and while “provid[ing] greater transparency” to the exam process.

One helpful piece of information in the letter relates to NCUA’s plan to provide training to credit unions as part of the transition to these new systems. NCUA plans to provide training for CU users in several different ways. There will be a self-paced training program on MERT in NCUA’s Learning Management Service (with more details on these to come later), the agency created a guide on NCUA Connect and the Admin Portal, various updates about MERIT and DEXA available here, and NCUA plans to offer webinars in the future.  

The letter ends by reiterating NCUA’s commitment to information security as a top priority, and that these new systems are built upon industry standards and best practices. This includes complying with standards for federal agencies set forth by the National Institute of Standards and Technology (NIST) standards and guidelines, Office of Management and Budget policies, and federal laws, such as the Federal Information Security Management Act.