Information you need: NCUA’s 2024 supervisory priorities
At the end of January, the National Credit Union Administration (NCUA) announced its supervisory priorities for 2024. NCUA issues a list of priorities annually to help insured credit unions navigate compliance, governance and other timely issues.
The new list bears no surprises, but it does contain important reminders across some high-risk categories.
NCUA supervisory priorities for 2024
Even though the industry was largely stable over the past year, the NCUA noted growing signs of financial strain. For example, the total number of CAMELS code 3, 4 and 5 credit unions increased.
In future quarters, if inflation and interest rates stay high, both members and credit unions could run into trouble. To protect performance, the NCUA recommends focusing on these priority areas in 2024:
Credit risk
Consumers are feeling financial pressure from multiple angles, and it’s impacting their ability to repay debts. In response, NCUA examiners are reviewing lending programs for soundness and risk management. They’re taking note of underwriting standards, portfolio management practices, workout strategies and collection programs.
The NCUA held a webinar on loan risk in March 2023 that went into more detail into their concerns and expectations. Wipfli summarized the event, which you can view here.
Examiners will also be reviewing policies and procedures related to the Allowance for Credit Losses, including the methodology(ies) used and the adequacy of the reserves. As credit unions continue to refine and adjust their calculation based on the various risk factors, it is important to have appropriate documentation supporting such assumptions. For additional information and or guidance on the implementation of CECL, see here.
Liquidity risk
Here, the NCUA offered a straightforward reminder: Credit unions need to continually assess liquidity.
Member behavior and economic conditions are ever-changing, so credit unions should prepare for a range of scenarios and be ready with a diverse set of contingency funding plans. Examiners will continue to assess the credit union’s liquidity management efforts, including 1) the appropriateness of scenario analysis, 2) the costs of funding alternatives and 3) the impacts on earnings and capital, funding sources available in normal and stressed conditions and the appropriateness of contingency funding plans that address plausible unexpected liquidity shortfalls. Bottom line: Credit unions need to prove they’ve “planned for the worst and hoped for the best.”
Consumer financial protection
The guidance on consumer financial protection was no surprise, given the level of risk, both reputationally and financially, consumer harm can pose. In 2024, NCUA examiners will continue to look at credit unions’ overdraft programs, advertising, balance calculation methods and settlement programs to protect consumers from potentially predatory practices.
Examiners will be reviewing policies and procedures regarding fair lending, with a focus on risks in marketing, redlining and pricing discrimination.
Auto lending, including indirect lending and flood insurance, are also areas of focus. Examiners will be reviewing auto lending disclosures, policies and practices for compliance with Truth in Lending, specifically how it relates to the application of guaranteed asset protection insurance. Compliance with flood insurance rules will also be an area of concern.
Information security and cybersecurity
Cybersecurity will be a perennial concern for the NCUA, as technology becomes more pervasive in business practices and more complex.
In information security examinations, the NCUA wants to see cybersecurity programs that can adapt and evolve to address new threats. And it wants robust security practices that protect both members and the institution. Credit unions are strongly advised to continuously evaluate their ability to respond to ever-evolving cybersecurity threats by conducting self-assessments using the Automated Cybersecurity Evaluation Toolbox. Cyber incident notification requirements are also in effect, as of September 2023. Credit unions must notify the NCUA within 72 hours if they, or a third-party provider, experiences a cyber incident. Examiners will be reviewing the credit union’s compliance with the requirement; key steps to help ensure compliance are:
- Updating response plans.
- Reviewing third-party contracts.
- Training employees.
- Monitoring and documenting incidents.
Interest rate risk (IRR)
The higher interest rates continue to highlight the market risks at credit unions as a result of the asset and liability mismatches in repricing. Examiners want to see credit unions proactively managing IRR and related risks to capital, asset quality, earnings and liquidity. They are looking for key risk management and control activities. Make sure key assumptions are thoroughly tested, documented and communicated to decision-makers.
Bank Secrecy Act (BSA) compliance
Compliance with BSA continues to be a supervisory area of interest for the NCUA. Examiners will continue to evaluate recordkeeping and reporting compliance during exams. NCUA will also provide any updates to credit unions as regulatory changes and expectations change, specifically as it relates to the Anti-Money Laundering Act of 2020.
How Wipfli can help
The NCUA wants a safe and sound credit union system — and so do we. Our credit union advisory team understand the guidelines and how compliance can become an asset for your institution, not just a box to check. We can help you identify and mitigate major risks and prepare for your next NCUA supervisory test. Contact us today to learn more.
Related reading:
