The National Credit Union Administration (NCUA) recently released its supervisory priorities for 2024, focusing on the highest-risk areas of the credit union industry. These yearly guidelines help insured credit unions handle governance and compliance, and cover five main priorities: consumer financial protection, credit risk, interest rate risk, liquidity risk and cybersecurity.
In this article, we’ll outline the key changes in each area and provide some guiding questions to help your financial institution navigate these new priorities.
Consumer Financial Protection Risk
While the priorities and escalation of concerns change through each administration, several similar priorities continue to be pushed, including overdraft protection and Fair Lending.
Examiners will expect that your overdraft programs have sufficient advertising and disclosure, that fees are properly calculated and applied consistently, and ensure the fee schedules are not aggressive. These programs should give vulnerable members the flexibility to avoid overdraft charges for small dollar overages and the ability to get out of debt by avoiding aggressive and repetitive overdrawn penalties.
Even without enhanced data collected with the HMDA mortgage application, there are ways to look at the portfolios to identify disparities in lending activities. Examiners will look at your larger, third-party-originated portfolios for analysis and monitoring.
CARS Act
With the enactment of the CARS Act and the car-selling boom over the past three years, the NCUA is enacting more oversight into the car industry. The priorities target auto lending through indirect lending programs and take a deep dive into the Truth-in-Lending requirements. They also address concerns regarding the consumer benefit and financing of GAP Insurance (Guaranteed Asset Protection), where a borrower may not be required to pay off a loan if certain circumstances occur.
In addition, flood insurance compliance will be a targeted concern.
Credit Risk
With changing economic conditions, the credit risk environment has changed rapidly in the last few years. After the explosion of loan portfolios for credit unions in 2022, last year saw the start of aggregate loan performance deterioration. While there are many factors that play into this, the combination of high interest rates, declining savings levels and the end of pandemic-era relief programs has made some borrowers unable to repay their loans. NCUA examiners will continue reviewing the practices of existing lending programs to ensure they’re sound. This includes reviewing adjustments made to loan underwriting standards, strategies for handling financial hardships of borrowers and portfolio monitoring programs.
Examiners will consider all factors that go into a credit union’s effort to provide borrowers relief to determine if efforts were reasonable and conducted with the proper controls and management oversight. Some questions your organization should consider are:
- What modifications and collection strategies do you currently have in place?
- Are you completing those in-house or through a third-party vendor?
- How are you ensuring borrowers are consistently being treated fairly?
Interest Rate Risk
As uncertainty around interest rates persists, credit unions must maintain strong liquidity risk management this year, due to increased market risk in asset and liability repricing mismatches. In terms of interest rate risk, the NCUA will be specifically looking at verifying that key assumptions and related data sets are well-documented and reasonable, checking if backtesting was completed, confirming interest rate risk exposure is being controlled and properly measured, and ensuring proactive measures are being taken to remain within policy limits, among other areas.
When reviewing your organization’s risk management, ask yourself:
- Are you conducting a scenario analysis to identify liquidity and interest rate issues in different economic environments?
- Do you have a process for determining interest rate risk?
- Are you communicating results to decision-makers and the board of directors?
Liquidity Risk
The new priorities place a stronger emphasis on risk projections, forecasting assumptions and forward-looking cash flows. Current priorities will continue to be evaluated, including the effects of changing interest rates on borrowing capacity and market value, the status of diversified funding sources under normal and stressed conditions, the price of different funding alternatives, and how it impacts earnings and capital, among other items.
Your organization might want to contemplate the following questions to determine your level of liquidity risk:
- Are the liquidity sources periodically tested for availability?
- Under what circumstances are lines of credit allowed to be closed or restricted?
- How does your institution identify, develop and evaluate alternative funding methods?
Cybersecurity
As with 2023, the NCUA continues to monitor cybersecurity and determine whether the items from its Cyber Incident Notification Requirements letter have been instated. Those requirements include training employees, monitoring and documenting incidents, reviewing third-party contracts and updating response plans.
When documenting incidents, be sure they’re also meeting the reporting criteria. NCUA specifically asks for the following items to be documented:
- Indicators of compromise
- Network information or traffic regarding the attack
- The attack vector
- Information on any exfiltrated data
- Any forensic or other reports about the reportable cyber incident
Need further insight on these new priorities and what your financial institution must do to be compliant? RKL’s team of assurance professionals can help. Use the form below or reach out to your RKL advisor to start the conversation.
