MARCH 2014
HIGHLIGHTS
2
Chairman’s Corner
Are Credit Unions
the Next Target?
4
The Importance of
Good Directors
Board Actions
Voluntary Liquidation
Proposal Provides
Regulatory Relief,
Consumer Protection
6
Trust But Verify: Member
Account Verifications
7
The OIG Hotline
and Reporting
Credit Union Fraud
9
Office of the Chief Financial Officer Report
SHARE INSURANCE FUND ENDS 2013
IN STRONG POSITION
Board Perspectives
Things that Are Certain
5
WWW.NCUA.GOV
NUMBER 3
First Step in Protecting
Data Is Knowing What
You Have
10 Compliance
Management, HMDA
Data Quality Top Fair
Lending Concerns
11 Credit Unions End 2013
with Positive Financials,
but Risks Loom
12 April Is National Financial
Literacy Month
The Share Insurance Fund ended 2013
in a strong position due to continued
improvement in the performance of federally
insured credit unions and a decline in
insurance and guarantee program liabilities.
Chief Financial Officer MaryAnn Woodson
reported:
n
The Share Insurance Fund ended 2013 with a
1.30 percent equity ratio. NCUA calculated
the ratio on an insured share base of $866.3
billion, compared to $839.4 billion at the end
of 2012, a growth of 3.2 percent. The net
position of the Share Insurance Fund remained
steady at $11.3 billion at the end
of 2013.
“Protecting the Share Insurance
Fund is NCUA’s top priority, and
the 2013 year-end results reflect
the agency’s prudent management
and effective approach to
regulation,”
NCUA
Board
Chairman Debbie Matz said.
“The metrics continue trending
in the right direction. The number
of federally insured credit unions
with CAMEL codes 3, 4 and 5
continued to decline, as did the
exposure level of potential losses.
Liquidations and assisted mergers
fell sharply, with a substantial
drop in actual losses to the fund.”
n
The total number of CAMEL code 3, 4
and 5 credit unions dropped 7.9 percent,
to 1,787 at year-end 2013 from 1,940
in 2012.
Assets of CAMEL code 3 credit unions
decreased to $108.6 billion at the end of the
fourth quarter of 2013, a 9.0 percent drop
from $119.3 billion on Dec. 31, 2012.
CAMEL Code 4/5 Comparison — December 31, 2012 to December 31, 2013
December 2013
Credit Union Size
by Total Assets
3
> $1B
4
$7
4
$500M to $1B
$2.3
3
$1.5
15
$100M to $500M
25
111
$10M to $100M
131
174
< $10M
December 2012
$2.9
$2.9
$3.9
$3.5
$3.9
December 31, 2012
Total Shares: $16.9B
Total Assets: $19.0B
December 31, 2013
Total Shares: $12.1B
Total Assets: $13.8B
$0.5
206 $0.6
$0
$5
$10
$15
Total Shares in Billions
CONTINUED ON PAGE 9
STAY CONNECTED
WITH WWW.NCUA.GOV
Connect with NCUA
at www.linkedin.com/company/ncua
Like NCUA
at www.facebook.com/NCUAgov
Subscribe to NCUA
at www.youtube.com/ncuachannel
Follow NCUA
at www.twitter.com/thencua
Sign up for NCUA Express delivery
at www.ncua.gov/Pages/ncuaexpress.aspx
Chairman’s Corner
ARE CREDIT UNIONS THE NEXT TARGET?
Lately, I’ve been doing a lot of thinking about
the role of the regulator. I think I’ve figured
out a different way to describe it: While
optimists see the glass as half full, and
pessimists see the glass as half empty,
regulators instead worry the glass could
shatter and cut someone’s hand.
That explains why NCUA is constantly on
the lookout for threats to credit unions’ safety
and soundness.
So when cyber-thieves stole personal
information from cards used by 110 million
Target customers, my first thought was:
“How will this impact credit unions?”
Well, now we know. It was credit unions —
not Target — who had to shell out as much as
$15 for every new card. And it was credit
unions that faced the reputation risk of
having to reassure members that their
accounts are still safe.
This serves as a reminder that no matter how
far removed a data breach is from credit
unions, if it affects members, credit unions
can pay dearly.
While cyber-thieves have seen Target’s wellknown “bulls-eye” logo as an invitation,
they’ve also targeted credit unions.
Hackers broke into a medium-size credit union
and used the credit union’s passwords to access
a large credit bureau. From there, the hackers
stole credit reports on hundreds of people who
weren’t even credit union members.
The lesson learned is that cyber-thieves can
hack into a credit union as an entry point to
access data and systems that have nothing to
do with the credit union — just like Target was
hacked through its air conditioning vendor.
accounts. It can take hours to bring systems
back online. After the dust settles, foreign
extremists claim responsibility and deliver antiAmerican messages.
These “denial of service” attacks are part of an
alarming and growing pattern of cyberterrorism against our country.
We have already seen cases where denial of
service attacks were launched to distract IT
staff. Hackers wait until security teams are
focused on the attack at the front door, then
break in through a back window.
Debbie Matz
Chairman
Cyber-terrorism doesn’t just deny services; it
destroys security and dismantles systems.
What makes cyber-terrorists different from cyber-thieves is their objective:
Terrorists want to use smaller institutions like credit unions to break into
larger institutions — with the ultimate goal of bringing down the entire U.S.
financial system.
So credit unions and NCUA play a critical role in protecting cyber-security.
NCUA’s first Supervisory Letter for 2014 described our top priorities.
Examiners will be looking to see how credit unions are implementing risk
mitigation controls to better protect, detect and recover from cyber-attacks.
This includes vendor due diligence, strong password policies, proper patch
management, employee training and network monitoring.
I urge credit unions to:
n
n
n
Make sure IT staff and vendors are on top of emerging cyber-threats.
Share cyber-security best practices and participate in local, state and
national information-sharing forums.
Get educated. Use the resources found on the next page to learn about cyberthreats and hacker tactics that are now featured on the NCUA website.
This is not just a priority for NCUA. Congress is holding hearings and
considering legislation on cyber-security. President Obama has made
strengthening our nation’s cyber-security framework a national priority.
But there is an even worse scenario: Much
different types of attackers — cyber-terrorists
— are now targeting credit unions.
To achieve the president’s goal of combatting cyber-attacks, the National
Institute of Standards and Technology (NIST) recently developed a
voluntary national cyber-security framework for private enterprises —
including credit unions.
When these attackers break through, websites
crash. Members are unable to access their
I encourage credit union officials to review the NIST framework and evaluate
how these new standards could further protect credit unions and members.
CONTINUED ON NEXT PAGE
2
MARCH 2014 “Protecting credit unions and the consumers who own them through effective regulation”
ARE CREDIT UNIONS THE NEXT TARGET? (FROM PREVIOUS PAGE)
Of course, credit unions are not the only ones examined on
important information-security measures. Like other
government agencies, NCUA must adhere to stringent
security standards. Every year, NCUA’s Inspector General
oversees an audit of our information technology controls and
security procedures.
NCUA has stringent security measures in place to protect
credit union members’ information. To log in, examiners use
secure government smart cards, and both their hard drives
and thumb drives are encrypted.
In addition, to make sure that personal information will not
be exposed, it is always deleted before exams are uploaded to
our system.
To further strengthen cyber-security, NCUA partners directly
with the law enforcement and intelligence communities, as
well as other federal financial services regulators on a new
working group.
changes to our supervisory processes in the wake of
increasingly sophisticated cyber-attacks. In the coming
months, our working group plans to hold a webinar to help
financial institutions better understand current cyber-threats
and share new ways to work together.
NCUA will also be issuing guidance to credit unions based
on the working group’s findings and recommendations.
When it comes to taking security measures to protect the
industry, we are all in this together.
It’s like the old story about two men in a canoe: One looks at
the other and says, “Hey, you have a problem. There’s a leak
on your side of the boat.”
So NCUA needs to be ready. The credit union system needs
to be ready. Working together, we will be.
Our working group will focus on better understanding the
cyber-threats and vulnerabilities facing financial institutions.
We are tapping industry experts as we review any necessary
—Debbie Matz
Credit unions of all sizes are a potential target for cyber-crime
and cyber-terrorism. Our new Cyber Security Resource Center
has detailed information and best practices to help credit unions
be better protected. To learn more, visit http://go.usa.gov/Busd.
MARCH 2014
3
Board Perspectives
THINGS THAT ARE CERTAIN
BY MICHAEL E. FRYZEL, NCUA BOARD MEMBER
Benjamin Franklin once said that the
only certain things in life are death and
paying taxes. Well, we all know not
everyone pays income taxes, so I guess
that is not for certain. We do know that
everyone will leave this world. That is a certainty. Hopefully,
when we do leave, we will have worked to make the world a
better place.
clients in the financial services industry. As a result, I’m able
to see both sides of issues. And I’ve tried my best to bring this
diverse knowledge and perspective to my position on the
NCUA Board.
I would like to propose that there may be another certainty
in life. Something that those involved in the financial services
industry or any business for that matter understands. And
that certainty is regulation, the process of government telling
others what to do or how to do it.
It was unfortunate that as a result of the financial meltdown
the federal government, both elected and appointed officials,
often felt the need to put in place as much regulation as
possible, and perhaps not just what was necessary to prevent
a reoccurrence of what happened.
I have been a regulator twice in my professional career, first
as Director of the Illinois Department of Financial Institutions
and second as Chairman and a Board Member of the
National Credit Union Administration. In between those
careers, I was in the private practice of law representing
The Consumer Financial Protection Bureau created as one of
the responses to the financial crisis, some now believe, will
one day be enshrined in the Guinness Book of World Records
as the government agency with more regulations than any
other agency, board, bureau, commission or department.
In my first major address as Chairman, I said that my view on
regulation was as little as possible and as much as necessary.
I still have that view today.
CONTINUED ON PAGE 8
THE IMPORTANCE OF GOOD DIRECTORS
BY RICK METSGER, NCUA BOARD MEMBER
The last week of February marked my
six-month anniversary as an NCUA
Board Member. My pathway to NCUA
mirrors that of many credit union
directors. I worked my way through
college as a custodian at a local middle school, cleaning
bathrooms, waxing hallways and sweeping classrooms.
Though I was not a teacher, my employment as a skilled
maintenance engineer earned me the right to become a
member of the local teacher’s credit union. It loaned me $350
to purchase my first car.
Twenty years later, I decided I wanted to help serve the credit
union that had helped me get my start in life by serving on its
board of directors. I stood outside the credit union’s main
branch, sometimes in the pouring rain, on multiple days until
I had secured the signatures needed to earn a spot on the
ballot. I won the election and served 8 years as a director.
The role I have today is very similar to the role I had at that
credit union.
As a director, my job wasn’t to manage or micro-manage the
operation of my credit union. It was to ask intelligent
questions, to set policies, to offer perspectives that others may
not have considered, and to reassure our members that our
credit union was safe today and for the foreseeable future.
My role at NCUA is similar. Just as it is not a credit union
director’s job to oversee individual loans, my job isn’t to
oversee individual exams. Directors’ jobs are to make sure
that their credit union’s underwriting and investment criteria
are sound. My job is to make sure that our examination and
supervision criteria are sound. Directors want to be reassured
that their loan officers are asking the right questions and
CONTINUED ON PAGE 8
Report fraud, waste, abuse or
misconduct to NCUA’s Office
of Inspector General Hotline
at 1-800-778-4806 or by email at
[email protected].
4
Debbie Matz, Chairman
Michael E. Fryzel, Board Member
Richard T. “Rick” Metsger, Board Member
Office of Public & Congressional Affairs
Ben C. Hardaway, Editor, [email protected]
National Credit Union Administration
1775 Duke Street, Alexandria, VA 22314-3428
MARCH 2014 “Protecting credit unions and the consumers who own them through effective regulation”
Board Actions February 2014
VOLUNTARY LIQUIDATION PROPOSAL
PROVIDES REGULATORY RELIEF,
CONSUMER PROTECTION
At its February meeting, the NCUA Board unanimously
approved a proposed rule that would simplify regulations
governing the process of voluntary liquidations. In addition,
the Board received an update on the Share Insurance Fund.
greater flexibility to use electronic means to publish creditor
notices and issue member share payments, and permit
preliminary distributions to members up to the insured
amount of each share account.
Board Proposes Update of Voluntary Liquidation
Rule to Reduce Regulation
For additional information or to submit a comment on the
proposed rule, visit http://go.usa.gov/Kace. The 60-day
comment period runs through May 2, 2014.
Federal credit unions that choose voluntary liquidation will
have fewer administrative requirements and members would
have greater protection under a proposed rule (Part 710)
approved by the Board.
This proposed rule is part of NCUA’s Regulatory
Modernization Initiative.
“This proposal, modernizing a rule that hasn’t been updated
in more than 20 years, is intended to reduce administrative
requirements and make sure credit union members receive
their insured funds on a timely basis when a credit union goes
through a voluntary liquidation,” Matz said. “We do not
intend to encourage more credit unions to liquidate, but if a
failing credit union chooses this path, we need to make the
process manageable. It’s also important to emphasize that any
interim distributions to members must fall within each
account’s insured limits to prevent uninsured shares from
being paid prematurely.”
Positive Share Insurance Fund Trends Continue
The Share Insurance Fund ended 2013 in a strong position
due to continued improvement in the performance of
federally insured credit unions and a decline in insurance and
guarantee program liabilities.
The Share Insurance Fund ended 2013 with a 1.30 percent
equity ratio. NCUA calculated the ratio on an insured share
base of $866.3 billion, compared to $839.4 billion at the end
of 2012, a growth of 3.2 percent. The net position of the
Share Insurance Fund remained steady at $11.3 billion at the
end of 2013. (See article on page 1.)
Follow
@TheNCUA
on Twitter.
The proposed changes would modernize the existing rule by
increasing dollar thresholds for certain procedural
requirements in a voluntary liquidation, give credit unions
NCUA tweets all open Board
meetings live. You also can access
Board Action Memorandums and
NCUA rule changes online at
www.ncua.gov. NCUA also makes
available videos of open Board
meetings at http://go.usa.gov/KCsJ.
SAVE THE DATE FOR CHAIRMAN MATZ’S
LISTENING SESSIONS THIS SUMMER
Chairman Debbie Matz will host three “Listening
Sessions” across America in June and July.
Each location’s open registration date will be announced
by NCUA CU Express. Registration is free, but limited
to the first 150 people who register for each session. Stay
tuned to www.ncua.gov for more information.
Listening Sessions 2014
DATE
TIME
LOCATION
June 26
1–4 p.m. PDT
California
July 10
1–4 p.m. CDT
Chicago, Ill.
July 17
1–4 p.m. EDT
Washington, D.C.
MARCH 2014
5
Region IV Report
TRUST BUT VERIFY: MEMBER
ACCOUNT VERIFICATIONS
Every two years, NCUA requires federal and state-chartered
credit unions to perform a verification of member accounts.
The member account verification is a process that sends
requests to members to respond back if the activity on their
account is not accurate. These verifications of accounts are a
critical responsibility of a credit union’s supervisory committee
and are recognized as an effective deterrent against fraud.
There are three methods the supervisory committee or its
representative may use when performing the verification
of accounts:
n
n
n
n
6
n
Verification of all member accounts (100 percent
verification), including accounts closed since the last
verification of accounts;
n
A statistical sampling of accounts, which allows random
selection if each account has an equal chance of being
selected; and
n
A non-statistical sampling of accounts, which allows an
independent person licensed by the state to choose among
the two methods above plus a third method of non-statistical
sampling outlined in Generally Accepted Auditing Standards.
Regardless of the method chosen, the supervisory committee
must ensure the verification of accounts is properly
controlled. This includes:
n
REGION IV
Using an independent address or post office box that is not
available to credit union staff or board members. This
address should be used by members to respond if their
account is not accurate. This should also be the return
address on the envelope so undeliverable statements are
returned to the controlled address. It is important to
communicate to members that they should not contact the
credit union’s staff with questions or about discrepancies in
their information. All member questions should be directed
to the supervisory committee or independent party
performing the account verification.
Prohibiting management or operating staff from
preparing the statements, mailing the verifications, or
selecting the samples. The verification should be
completed by the supervisory committee, its clerical staff
or outside professional auditors only. If credit union staff
must be used, they should be properly supervised, and at
no time should be left alone to prepare, print or mail the
members’ statements.
Posting a notice in the local credit union newsletter and in
the credit union lobby informing members that an account
verification is in process. Given recent and widely
publicized scams and security breaches, this is an
important step to reduce member confusion and concern.
Keeping the verification dates from the credit union staff.
Do not inform the credit union staff as to when the
account verification will occur.
Tying balances from the verification back to the loan and
share trial balance, as well as the totals in the general
ledger. The purpose of the verification is to ensure the
balances on the financial statements are accurate and
reconcile with the member trial balance.
Once the verifications are sent out, the committee must
review and research all responses. The verification of
accounts is considered invalid when the committee or auditor
allows credit union personnel to research undeliverable
statements.
Remember, the purpose of the verification is to verify the
accuracy of member account balances. If undeliverable
statements or do-not-mail-accounts are not handled by an
independent party, the results are compromised.
Done correctly, the account verification process can improve
the integrity of a credit union’s financial statements,
encourage its members to review account activity for errors,
and provide an effective deterrent to fraud.
For more information, go to http://go.usa.gov/Bv43.
Connect with
NCUA on LinkedIn
Credit union professionals and industry
leaders are encouraged to connect with us
at http://www.linkedin.com/company/ncua.
MARCH 2014 “Protecting credit unions and the consumers who own them through effective regulation”
Office of the Inspector General Report
THE OIG HOTLINE AND REPORTING CREDIT UNION FRAUD
In recent years, the NCUA Office of
Inspector General Hotline has become a
valuable repository for reports of potential
cases of fraud in credit unions.
The OIG Hotline receives allegations from
NCUA and other federal employees, credit
unions and their members, contractors
and the public that furthers the OIG’s
mission to:
n
n
Promote effectiveness, efficiency and
economy in NCUA’s programs and
operations; and
Prevent and detect fraud, waste and
abuse in such programs and operations.
While the OIG does not have jurisdiction
to investigate fraudulent activity that takes
place in credit unions, it analyzes the
information obtained through the Hotline
and refers potential cases of fraud to the
appropriate regional office, the Office of
Examination and Insurance, and the
Office of General Counsel for immediate
review and action. Moreover, the OIG
relays general information from these
referrals at new employee and supervisor
training sessions to alert NCUA
employees about the need for heightened
fraud awareness.
If you suspect suspicious activity within a
credit union, please report it to our Hotline.
The OIG staff is well trained in basic
interviewing techniques, knowledgeable
about NCUA’s programs and missions, and
is adept at handling anonymous and
confidential complaints. Moreover, the
staff understands the need to protect the
confidentiality of complainants.
The same Hotline number may also be used to report
alleged fraud, waste, abuse or mismanagement, or any other
kind of criminal or noncriminal misconduct relative to
NCUA programs and operations. Unlike reports of fraud in
credit unions, the OIG has statutory jurisdiction to
investigate suspected fraud, waste or abuse in NCUA
programs and operations.
If you are an NCUA employee, NCUA may not take action
against you solely because of your submission of an allegation
to the OIG Hotline. Federal laws protect employees from
reprisals by their employers for “blowing the whistle” on
illegal activity.
If you are unsure whether your complaint involves fraud
within a credit union or an allegation against NCUA, an OIG
Hotline staff member can clarify the nature of your report.
For more information, visit www.ncua.gov/oig.
MARCH 2014
7
THINGS THAT ARE CERTAIN (FROM PAGE 4)
Businesses of all types across the country believe the
government has gone beyond what is necessary in putting in
place what they believe are safeguards to protect against
another economic downturn. They believe the government is
now constraining businesses to the point that they can no
longer grow, make a profit and, in some cases, survive. The
chant for many has become enough is enough.
“
Regulators can also minimize the costs of
regulation and provide transparency to
ensure that the marketplace remains fair
and vibrant. As for eliminating all costs of
regulation, sorry, I don’t think so.
”
will always be regulation. So once we understand and accept
that premise, we can work to see how best we can mold the
outcome of a proposed regulation and what we can expect
from the proposing regulator.
I believe that a regulator, for every regulation that is
proposed, should be required to do the following:
n
Fully explain the regulation.
n
Tell why it is needed.
n
Tell you what it will cost.
At least with those three simple rules, the regulated should
be able to understand what they will have to do, why they
will have to do it and the cost of having to comply.
I can understand the view of those who believe less is better.
To try and function with added constraints is neither easy nor
desired. Many believe regulation contradicts the claim of
functioning in a free society.
Can you expect anything else? Sure, you can expect the
opportunity to express what your thoughts are about the rule,
and how it can be made better. Regulators can also minimize
the costs of regulation and provide transparency to ensure
that the marketplace remains fair and vibrant. As for
eliminating all costs of regulation, sorry, I don’t think so.
You must realize and understand that some things in life
never change. There will always be government; hence, there
Regulation, if overdone, can cause the death of business. And
that is one thing I am certain of.
THE IMPORTANCE OF GOOD DIRECTORS (FROM PAGE 4)
making the right decisions. I want to be reassured that our
examiners are doing the same.
It is as much an honor to serve on the board of a credit union
as it is to serve on the NCUA Board. But there is nothing
honorary about our roles. We are both expected to give our
best efforts to engage, question, evaluate and act, as
necessary, to ensure the institution’s viability, relevancy and
dedication to its mission.
As a regulator, I understand the financial marketplace is
changing rapidly, fueled by technology and consumer
demand. I understand why many directors believe charters
must evolve so credit unions can continue to meet the
financial needs of their members. Similarly, NCUA’s own
regulatory authority needs to evolve so it can ensure the safety
and soundness of the system in light of new products, powers
or systems.
But in the pursuit of safety and soundness, I am also mindful
that credit unions must not be so constrained by their
regulator, or so risk-averse, that they cannot meet the
financial needs of their members. A credit union that is safe
and sound, but irrelevant to its members’ needs, is not a
viable outcome of regulation.
8
In any endeavor, we must always pause to review our
objective and critique our performance. Goals such as
membership targets, loan growth, assets, earnings and even
“
A credit union that is safe and sound, but
irrelevant to its members’ needs, is not a
viable outcome of regulation.
”
CAMEL ratings are not, in themselves, the standards of
success. Credit unions must measure their performance
against a double bottom line—the bottom line of their
institutions and the bottom line of their members. Credit
unions’ best-line of defense against those who would curtail
their ability to meet their members’ needs is to document how
their credit union differentiates itself in the community it
serves, and how it meets the needs of individuals in the field
of membership, both as borrowers and savers.
Both NCUA, as regulator, and credit unions, as memberowned, not-for-profit cooperatives, must measure our success
against our mission to safely serve members’ financial needs
today and for generations to come.
MARCH 2014 “Protecting credit unions and the consumers who own them through effective regulation”
Office of National Examinations
and Supervision Report
FIRST STEP IN PROTECTING DATA
IS KNOWING WHAT YOU HAVE
With cyber-security increasingly becoming a concern for
credit unions, where do credit unions begin to set up
protections? You have to know what you have and where it
is before you can adequately protect it. This is where a data
classification program comes into play.
Data classification is the process of defining the sensitivity of
data in order to provide it appropriate levels of protection
from unauthorized access, disclosure or loss. A properly
designed data classification standard is also critical to
developing effective and efficient business continuity and
incident response plans.
An effective data classification standard has, at the minimum,
the following elements:
n
Sensitivity levels of information (that is, public, internal or
confidential) based on the impact of potential disclosure,
unauthorized access or destruction;
n
n
Data labeling requirements and procedures; and
Procedures for the storing, handling, creating and
destroying information or documents, and transmitting
data based on classification levels.
A thorough risk-assessment is necessary to determine the
sensitivity and value of information and its systems’
components against potential threats and vulnerabilities.
Without this assessment, it’s possible that a credit union’s
resources are focused on the wrong areas, while leaving other
areas exposed. Cyber-threats are evolving, so regular riskassessments help ensure that a current classification and its
protection measures are still appropriate
The Federal Financial Institutions Examination Council’s
Information Technology Examination Handbook can help
credit union managers begin the process of developing their
data classification system. To learn more, go to
http://ithandbook.ffiec.gov.
SHARE INSURANCE FUND ENDS 2013 IN STRONG POSITION (FROM PAGE 1)
n
Assets of CAMEL code 4 and 5 credit unions fell 27.4
percent, to $13.8 billion at the end of 2013, down from
$19 billion for year-end 2012.
Woodson also noted, overall, the amount of assets in CAMEL
code 3, 4 and 5 credit unions have decreased 40.5 percent
since reaching a high in September 2010. The continuation
of these positive trends and other factors contributed to a net
decrease of $191.8 million, or 46.5 percent, in the Share
Insurance Fund’s reserve for insurance losses during 2013.
During 2013, there were 17 credit union liquidations and
assisted mergers, compared to 22 in 2012. The total amount
of losses associated with failures in 2013 was $66.8 million, a
decrease of 68 percent from $210.5 million the previous year.
When the Temporary Corporate Credit Union Stabilization
Fund has outstanding borrowings from the U.S. Treasury, the
Federal Credit Union Act requires NCUA to make a
distribution from the Share Insurance Fund if that fund has
an equity ratio above the normal operating level of 1.30
percent at year’s end. As a result, NCUA transferred $95.3
million to the Stabilization Fund.
This transfer will reduce future cash needs of the Stabilization
Fund. Before the transfer, the Share Insurance Fund equity
ratio had risen to 1.31 percent.
NCUA did not assess a Share Insurance Fund premium in
2013. At the Board’s open meeting in November 2013, the
Board received a briefing on the proposed premium range for
2014; staff recommended a range of zero to five basis points.
Finally, Woodson reported to the Board that the Share
Insurance Fund and the agency’s three other permanent funds
— the Operating Fund, the Central Liquidity Facility and the
Community Development Revolving Loan Fund — each
received an unmodified, or “clean,” audit for 2013 from the
agency’s independent auditor.
For more information
http://go.usa.gov/BsgG.
on
these
audits,
visit
MARCH 2014
9
Office of Consumer Protection Report
COMPLIANCE MANAGEMENT, HMDA DATA QUALITY TOP
FAIR LENDING CONCERNS
The NCUA Report recently sat down with Matthew
Biliouris, the Office of Consumer Protection’s new Deputy
Director, to discuss the agency’s fair lending program.
Q: We’ve recently experienced a lot of regulatory changes
when it comes to mortgage lending. What are some of the
major fair lending compliance issues you are seeing?
A: The major issue we are seeing is inadequate fair lending
compliance management programs. An inadequate program
limits a credit union’s capacity to prevent, identify and selfcorrect violations. To help ensure compliance with fair
lending laws, a credit union should develop and implement a
fair lending compliance program that includes policies and
procedures, risk assessments, training, monitoring, an audit
and review function, and oversight by management and the
board of directors.
These activities should be appropriate for the size and
complexity of the credit union. NCUA’s Fair Lending Guide
and Fair Lending Compliance Best Practices for Federal
Credit Unions can assist a credit union in developing a strong
fair lending compliance management program. (Editor’s Note:
These documents are available at http://go.usa.gov/BSfz and
http://go.usa.gov/BSGd.)
We are also still seeing issues with data quality errors in
Home Mortgage Disclosure Act reports. In addition to being
required by Regulation C, accurate HMDA data is essential to
a credit union performing a sound fair lending analysis as part
of a compliance management program. Credit unions should
ensure that the staff responsible for HMDA reporting receives
training and establish a verification system to test HMDA
data. The publication, A Guide to HMDA Reporting, Getting
It Right! can help a credit union with reporting accurate
HMDA data. (Editor’s Note: To learn more, go to
http://go.usa.gov/KCFP.)
Q: Last year, your office started conducting off-site contacts
with credit unions. Why did you start doing this? What has
the reception been?
A: The Office of Consumer Protection conducts approximately
25 on-site fair lending examinations per year. NCUA initiated
off-site supervision contacts as a way to meet its fair lending
enforcement responsibilities, educate as many credit unions as
possible on fair lending and consumer protection laws, as well
as outline expectations for a fair lending compliance
management program. NCUA completed 41 off-site
supervision contacts last year and plans to complete
approximately 50 off-site supervision contacts in 2014.
The reception from credit unions has been quite positive.
Overall, credit unions appreciate the recommendations
NCUA makes to strengthen their fair lending compliance
management programs.
Q: Have you made any changes to your fair lending
examination program?
A: Yes, NCUA has implemented a risk-focused approach to
conducting on-site examinations and off-site supervision
contacts.
Examinations include a transactional review of fair lending
risk factors plus a review of the credit union’s fair lending
compliance management system. Examination focal points
and contact scoping are based on multiple factors including
HMDA reporting outliers and violations identified in safety
and soundness examinations or through the complaint
process. Supervision contacts also review a credit union’s fair
lending compliance management system.
For example, if a review of a credit union’s HMDA report
indicates its lending practices fall outside the normal range
for pricing, denials, withdrawals or loan terms when
compared to other credit unions, these disparities will be
designated as the focal points for review during the on-site
examination. Supervision contacts that disclose possible
discriminatory practices or significant findings of noncompliance with fair lending laws or regulations will be
considered for a follow-on examination.
Credit unions should know that NCUA conducts its fair lending
compliance program in accordance with the FFIEC’s Interagency
Fair Lending Examination Procedures. (Editor’s Note: These
procedures are available at http://go.usa.gov/BS7m.)
Q: Third parties have been a concern for some time now. Are
there any compliance concerns you are seeing with third
parties? If so, what are they?
A: Yes, NCUA is seeing compliance issues with managing
third-party relationships. Specifically, compliance issues can
occur in situations where a credit union contracts with a third
party to perform services, but the credit union fails to provide
proper oversight.
A fair lending example might involve an indirect auto lending
relationship where the dealer is allowed, for compensation
purposes, to increase or markup the borrower’s interest rate
above the credit union’s buy or purchase rate. If a credit union
does not monitor the dealer’s pricing decisions, it could result
in pricing disparities on any of the prohibited bases outlined
CONTINUED ON NEXT PAGE
10
MARCH 2014 “Protecting credit unions and the consumers who own them through effective regulation”
Office of Examination and Insurance Report
CREDIT UNIONS END 2013 WITH POSITIVE FINANCIALS,
BUT RISKS LOOM
An improving economy led to strong loan, net worth and
membership growth in 2013, but credit unions are
increasingly taking on longer-term investments, making them
increasingly vulnerable to interest-rate risk.
than 3 years increased by 32.6 percent, rising to $118.4
billion, an all-time high. Long-term investments as a share of
assets stood at 11.8 percent, up from 9.4 percent at the end
of 2012 and up from 3.4 percent at the end of 2009.
According to the year-end Call Report data, growth in longterm investments continued unabated in the fourth quarter
of 2013, despite a decline in investments overall and as a
share of assets.
Other highlights from the year-end data include:
Federally insured credit unions’ investments grew from $280
billion at the beginning of the year to $299 billion at the end
of the second quarter, then declined to $285 billion by the
end of the year. Most of that decline was in short-term
investments. The most dramatic growth occurred in 5-to-10
year maturities, which increased by $14 billion, or nearly 60
percent, from the end of 2012.
In a rising interest rate environment, excessive exposure to
longer-term investments as loan growth expands could pose
risks for credit unions. Exposure to long-term assets has
tripled since year-end 2007. During 2013, investments greater
n
n
n
n
n
The return on average assets ratio stood at 78 basis points,
down from 85 basis points at the end of 2012
New auto loans grew to $71.4 billion, up 12.8 percent
since the end of 2012.
First mortgage loans reached $267.8 billion, up 8.8 percent
from the end of 2012.
Net member business loan balances grew to more than
$45.9 billion, an increase of 10.1 percent from $41.7
billion at the end of 2012.
Earnings for 2013 were $8.1 billion, a 3.8 percent decrease
from $8.5 billion in 2012
For more information, go to http://go.usa.gov/KacY.
COMPLIANCE MANAGEMENT, HMDA DATA QUALITY TOP FAIR LENDING CONCERNS (FROM PREVIOUS PAGE)
in the Equal Credit Opportunity Act and the credit union
could be liable under ECOA and its implementing regulation,
Regulation B.
Credit unions need to ensure proper oversight of all thirdparty relationships.
The Consumer Financial Protection Bureau, which has
rulemaking authority for Regulation B, issued a bulletin
last year that provides additional information about indirect
auto lending and ECOA compliance. (Editor’s Note: It is
available at http://go.usa.gov/BSAY.)
Q: How should credit unions address these concerns?
A: NCUA has issued several pieces of guidance on managing
third-party risk, all of which are available on NCUA’s
website. This guidance emphasizes that proper oversight of
third-party relationships involves addressing the following
concepts in a manner appropriate with the credit union’s size,
complexity and risk profile:
n
Risk assessment and planning;
n
Due diligence; and
n
Risk measurement, monitoring and control.
NCUA Letter to Credit Unions, 07-CU-13 “Evaluating Third
Party Relationships” provides significant detail about the
oversight required before entering into third-party
relationships, as well as, the ongoing oversight needed to
monitor those relationships. (Editor’s Note: This letter is
available at http://go.usa.gov/BSAw.)
Q: What is NCUA doing to help credit unions navigate the
new mortgage rules that went into effect in January?
A: NCUA has issued Regulatory Alerts and Letters to Credit
Unions, published articles in The NCUA Report, contributed
to interagency statements, hosted industry webinars, and
participated in a town hall meeting with CFPB Director
Richard Cordray. Nearly all of this material is available on
NCUA’s website.
NCUA also launched a new video series, NCUA Consumer
Protection Update, to help credit unions and their members
better understand and follow consumer protection rules. The
three-part series that includes information on the new
mortgage rules was released in 2013. (Editor’s Note: The
series is available at http://go.usa.gov/BSs5.)
MARCH 2014
11
1775 Duke Street | Alexandria, VA 22314-3428
Office of Consumer Protection Report
APRIL IS NATIONAL FINANCIAL LITERACY MONTH
National Financial Literacy Month is a national initiative that
brings attention to the importance of maintaining healthy
financial habits throughout a person’s lifetime.
During Financial Literacy Month, NCUA
will provide new resources to help
credit unions encourage their
members to think about saving,
building wealth and making smarter
financial decisions.
To help credit unions begin these conversations, NCUA
has resources available on its consumer website,
MyCreditUnion.gov, and our financial literacy microsite,
Pocket Cents. Consumers and credit unions can find helpful
articles on the cost of education, the power of savings, what
to look for with mortgage loans, how to protect yourself from
frauds and scams, and much more.
The popular savings-focused game for youth called Hit the
Road is also featured. This game provides a fun and
interactive platform for teaching young people about the
importance of saving and spending wisely, while on a virtual
road trip to Colorado.
Visitors can also connect with NCUA’s consumer Twitter
feed, @MyCUgov, to stay up-to-date on the latest consumer
protection information and tips for improving personal
finance knowledge.
Go to MyCreditUnion.gov and Pocket Cents to learn more.
The NCUA Report is published by the National Credit Union Administration, the federal agency that supervises and insures most credit unions.
12
MARCH 2014 “Protecting credit unions and the consumers who own them through effective regulation”