40 THE NAFCU JOURNAL MAY–JUNE 2022 On January 18, 2022, the National Credit Union Administration (NCUA) issued Letter to Credit Unions 22-CU-02, which sets out the agency’s supervisory priorities for the year. The Letter notes that, in 2021, the NCUA trained all NCUA and state regulator users on the Modern Examination and Risk Identification Tool (MERIT), and this year, credit unions may use the platform and its related systems during their examinations. In other examination news, the NCUA finalized the rule adding the “S” component (for Market Sensitivity) to the CAMEL rating system in October 2021. It also redefined the “L” component. This updated the CAMEL rating system to CAMELS, providing more transparency in the ratings to distinguish between liquidity risk (“L” component) and sensitivity to market risk (“S” component). The final rule became effective for examinations starting on or after April 1, 2022. In addition to overall safety and soundness and compliance with all other relevant regulations, the eleven areas of primary focus for the NCUA this year are: credit risk management, information security (cybersecurity), payment systems, Bank Secrecy Act Compliance and Anti-Money Laundering/Countering the Financing of Terrorism, capital adequacy and risk-based capital rule implementation, loan loss reserving, consumer COMPLIANCE CENTRAL A MID-YEAR REVIEW OF NCUA’S 2022 SUPERVISORY PRIORITIES By Rebecca Tetreau, NCCO, NCBSO, Regulatory Compliance Counsel, NAFCU financial protection, loan participations, fraud, London Inter-Bank Offered Rate (LIBOR) transition, and interest rate risk. Credit Risk Management The NCUA continues to focus on credit union’s credit risk management and mitigation efforts. Credit unions’ risk management practices should be appropriate for the nature and level of complexity for all lending programs and activity. The NCUA expects credit unions to maintain safe and sound lending practices and to comply with all relevant consumer financial protection laws, including those regarding disclosures and reporting. Chapter 10 of the NCUA’s Examiner’s Guide provides a helpful outline of what examiners will be looking for. Information Security (Cybersecurity) The NCUA notes that “cybersecurity risks remain a significant threat to the financial system. The likelihood of threats adversely affecting credit unions and their members continues to rise” due to concerns such as “ransomware, thirdparty/supply chain risks, and business e-mail compromises.” To that end, the NCUA continues to update its information security examination procedures and review information security practices. The NCUA’s Cybersecurity Resources webpage includes many helpful resources on this topic, including the Automated Cybersecurity Evaluation Toolbox (ACET) application, which allows credit unions to self-assess and measure their cybersecurity preparedness. Payment Systems Due to the rapidly evolving payments landscape, the NCUA will focus on the growing area of complexity and risk of payment products, services, and operations. These swift changes have the potential to increase the risk of fraud, illicit use, and breaches of data security, prompting the NCUA to increase its focus in the area. Bank Secrecy Act Compliance and Anti-Money Laundering/ Countering the Financing of Terrorism As in recent years, BSA/AML compliance continues to be a focus of the NCUA, as well as other federal regulators. There are BSA and AML/CFT components included in every examination. Pursuant to the Anti-Money Laundering Act of 2020 and the Corporate Transparency Act which amended the BSA, there will be various new requirements for credit unions to follow, including updating their risk-based BSA and AML/CFT policies, procedures, and processes. The new requirements will be rolled out in stages throughout this year, and the FFIEC’s Bank Secrecy Act/Anti-Money Laundering Examination Manual will be updated to reflect these changes.
RkJQdWJsaXNoZXIy Nzc3ODM=