In with the New: NCUA’s 2019 Supervisory Priorities
Written By: Reginald Watson, NAFCU Regulatory Compliance Counsel
The new year is upon us and I hope everyone had a chance to relax a little during the holiday season. For some, the new year is a chance to set new goals and conquer greater horizons. For others, like me, the new year is a fresh opportunity to renew those resolutions from last year that may not have fully panned out. NCUA seems to be doing a little of both in its recently released 2019 Supervisory Priorities.
In its first letter to credit unions of the year, NCUA outlined its examination priorities for 2019. While many of the topics addressed echo the supervisory priorities from years past, new developments may shape the way NCUA examines these issues going forward. This blog will provide a brief breakdown of NCUA’s main areas of focus for 2019. NAFCU members can remain on the lookout for a more in depth analysis of NCUA’s 2019 Supervisory Priorities in next month’s Compliance Monitor newsletter.
Bank Secrecy Act Compliance. Bank Secrecy Act Compliance was a priority in 2018 with the focus being on the Customer Due Diligence (CDD) requirement to identify the beneficial owners of legal entity members. This will remain a supervisory priority in 2019, with “more in-depth” reviews for CDD compliance. NCUA recommends that credit unions review and the enclosures which discuss the examination expectations. NCUA’s Bank Secrecy Act website also provides additional resources. NAFCU has blogged on and , as well as . NAFCU has also published an in-depth (member login required).
Adverse Action Notices. NCUA also mentioned adverse action notices under Regulation B as an area of focus. Regulation B requires credit unions to notify an applicant of an adverse action within:
- 30 days after receiving a completed credit application;
- 30 days after receiving an incomplete credit application;
- 30 days after taking adverse action on an existing credit account; or
- 90 days after making a counteroffer if the applicant does not accept the offer.
See, . The commentary to Regulation B is very useful in understanding the nuances of this requirement. It is also important to keep in mind that the also has an adverse action notice requirement that covers a slightly broader spectrum than credit applications. The Federal Reserve’s provides a useful analysis of these notification requirements.
Overdrafts. Similar to last year, examiners will review credit unions' compliance with Regulation E's overdraft rules. provides a number of requirements for overdraft programs (ODP), including requiring members to opt-in before assessing overdraft-related fees. provides a sample opt-in form. While the 2019 priorities refer only to Regulation E, NCUA’s Truth in Savings rules also require overdraft fees to be disclosed in a credit union's account opening disclosures as well as the periodic statement. See, , . Credit unions may also find it helpful to review Letter to Credit Unions which includes NCUA's Interagency Guidance on Overdraft Protection Programs, NAFCU's related , and NAFCU members can find an article with a more in-depth discussion of ongoing ODP litigation risk here.
HMDA. NCUA plans to continue to review for HMDA compliance. Once again in 2019, NCUA states HMDA reviews will continue to evaluate for "good faith efforts to comply." In 2019, this will also include accounting for the new HMDA rules implementing the partial exemption which became effective on May 24, 2018 with the passage of S.2155. Overall though, NCUA seems to indicate that this means examiners will simply review LARs and help credit unions determine their compliance weaknesses in both data collection and reporting. NCUA’s provides additional information on these expectations. NAFCU has also blogged about and .
Cybersecurity. As in years past, the security of member information remains a supervisory priority for the NCUA and they plan to continue using the Automated Cybersecurity Examination Toolbox (ACET) to assess credit unions with over $250 million in assets. Additional areas of focus seem to include assessing the credit union’s IT Risk Management and the credit union’s oversight of third-party service provider arrangements. For additional information, both and provide a plethora of resources.
Concentration Risk. Examiners plan to look more closely at the credit union’s loan concentration with more scrutiny for higher concentrations of specific risk characteristics. In 2018, NCUA seemed to pinpoint auto lending and commercial lending as areas of focus, however the agency did not seem to mention a particular area of lending this go around. NCUA recommends credit unions review its for more information.
Liquidity and Interest Rate Risk Management. As in years past, NCUA will examine for the credit union’s management of interest rate risk in light of projected interest rate increases by the Federal Reserve. Special areas of focus include the potential effects of rising interest rates on the market value of assets affecting net worth and borrowing capacity, how the credit union accounts for changing member preferences, and management’s ability to meet liquidity needs in the changing environment. NCUA’s addresses Interest Rate Risk Management in further detail. The FFIEC also provides a series of that may be helpful.
CECL. Although the effective date is not until 2022, NCUA stated that they will inquire about credit union’s current efforts to prepare for the new Current Expected Credit Losses (CECL) accounting standard. NAFCU has continued to advocate for a delayed implementation of the CECL standard in both letters and meetings with both agency officials and lawmakers. In the meantime, NAFCU has also created a number of resources that may help with implementation including an in-depth CECL study as well as Frequently Asked Questions related to the CECL accounting standard.
We’ll see how well NCUA does with these priorities as the year progresses. As for me, I’m off to the gym!