What to Expect from Examiners in 2016
January 13, 2016 7:30 AM
NCUA sent a letter to credit unions outlining the agencys top priorities examiners will be focusing on as they audit credit unions this year.
Cybersecurity Assessment
Data security topped the list of NCUA's priorities. In the letter to CUs, Debbie Matz encouraged credit unions to use the Cybersecurity Assessment Tool that NCUA jointly released with the Federal Financial Institutions Examination Council last June.
"The tool is designed to enhance cybersecurity oversight and management capabilities, and to identify any gaps in an institution's risk-management practices, NCUA Chairman Debbie Matz wrote in the letter. "Credit unions can use this tool to enhance their cybersecurity preparedness."
Response Programs for Unauthorized Access to Member Information
Calling incident response procedures a "key part of a credit union's information security program," Matz warned that agency field staff will be reviewing CU's programs during 2015 exams.
The letter referred credit unions to
Bank Secrecy Act Compliance
The agency said its field staff is required to review CUs' compliance with the Bank Secrety Act, including an examination questionnaire at every exam. "In 2016, NCUA field staff will focus on credit unions' relationships with money services businesses, also known as MSBs," the letter said, noting that CUs can serve MSBs but must be aware of the risks associated with doing so.
Interest Rate Risk
NCUA has long been focused on interest rate risk, and now that rates have finally begun to rise, it will be a key supervisory focus in 2016, the agency said. "NCUA is in the process of updating interest rate risk management supervisory guidance, which will be published in 2016," Matz wrote in the letter. "As part of this effort, NCUA field staff will transition to the updated IRR examination procedures over the course of 2016." Examiners will be receiving specialized training on evaluating IRR in April, and CUs should provide them with documentation supporting their ability to manage IRR.
TILA-RESPA Integrated Disclosure Rule
Examiners will begin looking at CUs' TILA-RESPA disclosures to ensure that any credit unions that accepted real estate loans on or after Oct. 3, 2015 are in compliance with the new integrated disclosure rules promulgated by the Consumer Financial Protection Bureau.
CUSO Reporting
In the letter, the agency reminded that credit unions that invest in or lend to a credit union service organization (CUSO), are now required to enter into a written agreement that requires the CUSO to submit annual reports to NCUA.
"CUSOs will start providing their annual reports through the CUSO Registry in 2016," NCUA wrote. "Once the deadline for CUSOs to register with NCUA has passed, field staff will check to ensure any CUSO a credit union has loaned to or invested in has registered with NCUA."
