Examining Risk

Pay attention to new developments in NCUA’s seven risk factors.

March 01, 2014
KEYWORDS compliance , risk
/ PRINT / ShareShare / Text Size +

3. Liquidity risk

Interest rates will rise at some point and a credit union’s current loan and investment portfolios might not provide enough flexibility to rapidly adjust to different economic conditions. To address these concerns—and problems credit unions faced in the recent financial crisis—NCUA adopted a regulation that requires all federally insured credit unions to have liquidity and contingency funding plans. The regulation goes into effect on March 31.

Credit unions with less than $50 million in assets must have a basic board-approved policy that provides a framework for managing liquidity and a list of contingent liquidity sources. Credit unions with assets of $50 million or more must have a contingency funding plan that sets out strategies for addressing liquidity shortfalls in emergency situations. In addition, credit unions with assets of $250 million or more must establish access to NCUA’s Central Liquidity Facility and/or to the Federal Reserve’s discount window.

4. Transactional risk

Obviously, the widespread merchant data breaches are a continuing concern for everyone. Credit unions have been required for years to have response programs in place to monitor member accounts, replace cards, etc. NCUA continues to express concerns about new risks created by new technology, such as online banking, mobile banking, remote deposit capture, social media, etc. Early this year, NCUA said in addition to interest-rate risk, its major concern is cybersecurity threats, and not just at large credit unions:

“NCUA field staff will evaluate credit unions’ ability to assess and mitigate cybersecurity risk and respond to cyber-attacks. Credit unions of all sizes will be expected to implement appropriate risk mitigation controls—including vendor due diligence, strong password processes, proper patch management and network monitoring—to better prevent, detect, and recover from cyberattacks.”

Last spring, NCUA said that it would issue further guidance on eBanking, but so far, it hasn’t. The federal banking agencies have similar concerns, so look for the Federal Financial Institutions Examination Council (of which NCUA is a member) to issue guidance on cyberthreat risk mitigation soon.

5. Compliance risk

The list of new or revised federal regulations that apply to credit unions in 2014 include:

  • The CFPB mortgage rules that became effective in January 2014 (including ability-to-repay/qualified mortgages , mortgage servicing, loan originations, high-cost mortgages, homeownership counseling, appraisals, etc.) and the bureau’s international remittance transfers regulation;
  • NCUA’s revised loan participation regulation (that now applies to all federally insured credit unions); the new charitable account regulation for federal credit unions; and revised credit union service organization rules.

NCUA and the CFPB have instructed their examiners not to write up credit unions for noncompliance with the new mortgage lending regulations so long as the credit union is showing a good-faith effort and taking reasonable steps toward full compliance. NCUA and the CFPB are very vague on when examiners will start to take stricter actions. But this is the reality: Failure to comply with all the Truth-in-Lending Act (TILA) regulations can possibly lead to private lawsuits down the road. And remember, the TILA-Real Estate Settlement and Procedures Act new “loan estimates” and “closing disclosure” rules start on Aug. 1, 2015, and don’t expect any delay in that effective date.

Compliance involving the Bank Secrecy Act (BSA) regulations and reporting requirements is ongoing. In 2014, NCUA specifically says that its “field staff will be scrutinizing credit unions’ relationship with money services businesses (MSB), looking to ensure credit unions are in compliance with BSA requirements with regard to MSB member accounts.”

As banks have stopped offering accounts to MSBs, NCUA is concerned that credit unions are opening these accounts without understanding the compliance implications.

Marijuana businesses seeking banking relationships raise BSA and other compliance questions. Credit unions need to move slowly and allow states and the U.S. Department of Justice to figure out how depository institutions can help these businesses establish accounts.

Fair lending is another area you can expect increased CFPB and NCUA scrutiny. The CFPB issued a controversial bulletin last spring on autodealer indirect lending programs, the U.S. Justice Department seems to be stepping up its interest in fair lending cases, and NCUA’s Office of Consumer Protection is conducting annually a limited number of fair lending exams. And additional HMDA data (used to identify possible discriminatory lending patterns) might be required in 2015. So credit unions certainly should review NCUA’s 2013 Fair Lending Guide and assess the adequacy of their policies and compliance procedures.

NEXT: Strategic risk

Other Risks

March 04, 2014 11:09 am
This is a great list, but falls short. Consider the myriad of other risks that can bring the credit union to its knees: Technology risks including viruses, trojans, data breaches and other forms of security compromises. People risks, including disgruntled employees, social engineering attempts, social unrest, prison breakout, social media entries that also affect the mentioned reputational risk. Environmental risks, which could include derailed or overturned chemical tankers,blizzards, hurricanes, tornados, sink holes (save the Corvettes!), earthquakes, mudslides, forest fires. Leaders always need to be asking themselves, "What could stop us from performing our mission?" A solid crisis management organization, coupled with a realistic, exercised business continuity plan is vital to ensure continued operations.

Flag Comment as Offensive

Post a comment to this story

What's Popular

Popular Stories

Recent Discussion

Who Should Be the 2015 CU Hero of the Year?

View Results Poll Archive