NASCUS Comments: Regulatory Review (2017)

August 14, 2017

Regulatory Review (2017)
Office of the General Counsel
National Credit Union Administration
1775 Duke Street
Alexandria, Virginia 22314

            Via e-mail to ogcmail@ncua.gov

To Office of the General Counsel,

The National Association of State Credit Union Supervisors (NASCUS) appreciates the opportunity to offer the following comments and recommendations regarding NCUA’s Rules and Regulations pursuant to the 2017 Regulatory Review.1  That NCUA adheres to this rolling review pursuant to Interpretive Ruling and Policy Statements (IRPS) 87-2 and 03-2 is laudable. It is particularly so given that the agency has just completed a review of all of its rules and regulations pursuant to the EGRPRA. 2

It is incumbent on regulators to identify, and amend or rescind, rules that are unnecessarily burdensome or duplicative, or ineffective. This is as true for NCUA as it is for our state regulators. It is also true that some unpopular rules are necessary to mitigate material risk to the institutions themselves or to the credit union system. With this balancing in mind, NASCUS submits the following recommendations for improvements to the NCUA regulations covered by this year’s Regulatory Review. We emphasize that all of our recommendations fall within NCUA’s purview, and that if implemented by NCUA, none of our recommendations would elevate the risk to a credit union, the credit union system, or the National Credit Union Share Insurance Fund (NCUSIF) in any way.

Ease Regulatory Burden for Federally Insured State Chartered Credit Unions by Reorganizing NCUA’s Rule and Regulations

NCUA should reorganize its rules to consolidate all NCUSIF based rules in one section and all rules related to the federal charter in another, thereby providing significant regulatory relief to credit unions. Furthermore, this is meaningful regulatory relief that requires no increase in risk tolerance.

NCUA’s current practice of cross referencing rules in Part 741 unnecessarily burdens FISCUs. As an example, the notice NCUA published for this Regulatory Review required a reader planning to comment from the perspective of a FISCU to spend an inordinate amount of time determining which provisions subject to review applied to FISCUs. That is because no Part 741 provision is cited. However, every one of the 12 provisions that are rules related to credit union conduct are cross referenced in Part 741. Only within those pages would the FISCU reader recognize that these rules affect FISCUs. To further complicate matters, the relevant cross-referencing provisions in Part 741 are not limited to Subpart B, Regulations Codified Elsewhere in NCUA's Regulations as Applying to Federal Credit Unions That Also Apply to Federally Insured State-Chartered Credit Unions, as one would think.

The problem with NCUA’s approach of incorporating rules by reference in Part 741 is compounded by the fact that in some cases the wording in Part 741 instructs FISCUs to comply with “applicable” provisions found elsewhere in NCUA’s rules without a clear delineation as to what those “applicable provisions” might be. For example, §741.202 reads, in part:

(a) The supervisory committee of each credit union insured pursuant to title II of the Act shall make or cause to be made an audit of the credit union at least once every calendar year covering the period elapsed since the last audit. The audit must fully meet the applicable requirements set forth in part 715 of this chapter or applicable state law, whichever requirement is more stringent. (12 CFR 741.202)

The difficulty arises because Part 715 does not clearly indicate which provisions are applicable to FISCUs. One reasonable reading is that only the specific audit provisions of Part 715 apply and not the provisions speaking to the supervisory committee in general. The point is that the compliance obligations are unclear.

We note both the Consumer Financial Protection Bureau and the Financial Crimes Enforcement Network undertook reorganization of their rules to make those rules more accessible, searchable, and understandable. NCUA should follow their example.

Consistency and Continuity on Cyber Security Related Initiatives

With respect to Part 748 security requirements, we have no specific rule recommendations. However we do urge NCUA to remain cognizant of the need for a practical and consistent approach to cybersecurity initiatives and expectations.

Bank Secrecy Act and Reporting to the Board

Part 748 of NCUA’s regulations compel credit union compliance with various provisions of the Bank Secrecy Act, USA Patriot Act, and other anti-money laundering statutes (collectively BSA/AML). NASCUS appreciates that a majority of NCUA's BSA/AML related rules under §748 are verbatim implementations of statute, limiting NCUA's discretion to enact changes.

However, one area where NCUA has latitude to provide operational flexibility to some credit unions relates to §7481.1(c)(4)(i) Notification to board of directors. The provision requires a federally insured credit union to "promptly" notify its board of directors, or a designated committee of the board, of any Suspicious Activity Report (SAR) filed. In guidance issued in December 2006, NCUA defined "promptly" as at least monthly, and notes that reporting at the monthly board meeting satisfies this requirement. 3 We note that not all states require monthly board meetings.

NCUA should revise guidance to provide that notification at the next board meeting satisfies the requirement. Providing credit unions some flexibility in reporting SARs to the board does not increase risk to the share insurance fund.

Registration of CUSO Based Mortgage Loan Originators

Part 761.1 refers credit unions to the Consumer Financial Protection Bureau (CFPB) rules that now implement the SAFE Mortgage Licensing Act (SAFE Act) requirements for the licensure or registration of all mortgage loan originators (MLOs). While NCUA no longer possesses rule writing authority for the SAFE Act, the agency may still exercise important discretionary authority regarding which credit union affiliated MLOs register and who must obtain state licensure.

Pursuant to the SAFE Act, any MLO employed by a depository institution, or a federally supervised subsidiary of a depository institution, may register. All other MLOs must obtain state licensing, a more involved process than registration. With respect to Credit Union Service Organizations (CUSOs), NCUA has maintained that it lacks the federal supervisory authority to make CUSO MLOs eligible for registration. Given that NCUA has continued CUSO related rule-making, such as asserting access to CUSOs’ books and records and requiring all CUSOs to register with NCUA and submit detailed business information to the agency, we recommend NCUA re-evaluate its determination that it lacks federal supervisory authority over CUSOs for purposes of SAFE Act registration.

Thank you for the opportunity to submit recommendations for improving NCUA’s rules and regulations. NASCUS is happy to discuss our comments in detail at NCUA’s convenience.

Sincerely,

            [Signature redacted for electronic publication]

Brian Knight
Executive Vice President and General Counsel

1. NASCUS is the professional association of the 45 state credit union regulatory agencies. 

2. The Economic Growth and Regulatory Paperwork Reduction Act, Pub. L. 104–208, Div. A, Title II, § 2222, 110 Stat. 3009 (1996); codified at 12 U.S.C. 3311.

3. See NCUA Regulatory Alert 07-RA-07 Final Rule: Part 748, Filing Requirements for Suspicious Activity Reports.