ORLANDO — CUSO leaders were given an update on NCUA's relatively new oversight of their operations by a trio of agency reps at the NACUSO annual meeting here.
The new rule only been in effect since November 2013 and is designed to gather information on an aspect of credit unions on which NCUA previously had surprisingly little data.
The agency has been quick to point out that the rule is really geared toward the CUSOs that are engaged in high-risk activities, but some CUSO executives have questioned how NCUA is defining what is high risk.
Pamela Yu, staff attorney with NCUA, said the new rule was a response to safety and soundness concerns, "the most pressing of which was the lack of accurate information to fully determine the financial condition of CUSOs, the full range of services offered, the number of CUSOs, or the relationship between CUSO and credit union."
Yu told the 450 people on hand that for the most part the rule isn't aimed at them, and instead is meant to address CUSOs "engaged in complex or high-risk activities, with the final rule tailored to the riskiest CUSOs." Specifically, it is focused on CUSOs that are involved in credit and lending, IT, custody, safekeeping and investment management CUSOs.
But Stan Hollen, CEO of CO-OP Financial Services, Rancho Cucamonga, Calif., pressed the NCUA staff for how a CUSO that provides IT services could possibly represent a systemic risk.
"With IT we have seen real concerns about security and malicious attacks," answered Yu. "One of the things is interconnectedness. In IT we see a CUSO that will serve a large number of credit unions, and that segment of the industry has more interconnectedness."
When Hollen again asked where the systemic risk lies, Frank Kressman, associate general counsel-regulations and legislation, said: "What we're attempting to do in the rulemaking is provide sufficient justification for a safe and sound framework. Some of this is looking forward to the next potential problem. There is concern that with an increase in the electronic aspect of the CU industry this is an area we perceive as potentially problematic. It may be true we can't point to an example right now, but certainly it's an increasingly complex and prevalent part of credit union operations and it's something we're concerned about."
Added D. Scott Neat from NCUA's Office of Examination and Insurance: "Cybersecurity is a huge concern for the industry right now. I'm on the FFIEC panel; there is a subcommittee on IT related issues. We're all trying to get our arms around what risk is out there. We view it as a very volatile area."
In earlier remarks NCUA Board Member Rick Metsger told CUSOs the two biggest concerns over emerging risks at the agency are interest rate risk and cybersecurity. "With cybersecurity, the word is diligence. Cyber-thieves perceive that smaller institutions are more vulnerable. CUSOs can also be targeted," he cautioned.
