NASCUS ’21 S3: Surging virus variant dampens on-site exam resumption

(Clockwise from upper left: NASCUS’ Lucy Ito joins NASCUS Executive Vice President and General Counsel Brian Knight, and NCUA Office of Examination and Insurance Director Myra Toeppe in a discussion of key issues)

(Aug. 20, 2021) The surging Delta variant of the coronavirus is putting a damper on NCUA’s plan to resume on-site operations, including exams, the agency’s top supervisor told the NASCUS S3 conference this week.

According to NCUA Office of Examination and Insurance Director Myra Toeppe, the continued phasing-in of on-site operations depends on the virus variant. She indicated a timetable still needs to be determined. However, the agency is ready (and willing) to go into a credit union whenever it sees a risk to the insurance fund, she said.

“We’ll go in where we need to go in if we see a risk to the insurance fund; we have been clear on that,” Toeppe said during a Tuesday session of the conference. (She was sitting in on the session in place of NCUA Board Chairman Todd Harper, who was unable to attend.) “We do have problem case officers that are doing things. Our regional offices, if we need to be on site, they will get with the (NCUA) executive director to determine from an insurance perspective if we need to go in. We’ve actually had to do some conservatorships during this time. Those are the exception, not the rule.”

But Toeppe emphasized that the agency would move with caution in any event. “People matter,” she said.

The agency’s top examiner also offered a strong defense for NCUA’s call for third-party vendor exam authority. “We do need it,” Toeppe, a former savings and loan regulator, said. “When I first came over to NCUA, I was stunned we didn’t have third-party vendor exam authority. I was used to always having it.” She said her former agency was never accused of abusing the authority, “and it was never a problem.”

Toeppe said NCUA sees reliance “more and more and more” by credit unions on the use of vendors and third parties to help them in a number of areas. She cited data processing and lending as examples.

The agency executive asserted that use of third-party vendors can become a source of risk to the share insurance fund. “And that’s always my focus,” she said. “We want to be sure we aren’t exposing the insurance fund to undue risk. And that’s really where it comes from; it’s a risk perspective for NCUA.”

She added that if the agency secures the authority (which will take an act of Congress to do so), NCUA would use it cautiously. She disputed some reports that the agency would be “ramping up” such as by hiring 500 additional examiners. “I think we’d use (the authority) prudently, where needed, just exactly like the state supervisors have done,” she said. “Where it’s needed, when it’s needed when we see a risk– just like the state supervisors, they’ve used it prudently. The banking regulators use it prudently. I don’t think there would be any difference.

She said that using the authority, when needed, is necessary to avoid a regulatory blind spot. “From (the perspective of) managing the share insurance fund, that makes us very nervous. That’s one thing that keeps me up at night,” she said.

In other comments, Toeppe said:

  • Cybersecurity is a persistent threat; the one risk that just doesn’t go away. “We have ebbs and flows of other risks, but cybersecurity just keeps coming,” she said. “It just doesn’t stop, it’s in everything. It’s the constant ‘come at you’ thing. It’s high level, persistent.”
  • NCUA is not discouraging mergers among credit unions (as opposed to banking regulators with banks, under an executive order from President Joe Biden). “We don’t tell (credit unions) no you can’t merge, but we want to make sure they are doing the right thing.”
  • She has no problem with credit unions buying banks, as long as the transaction is done well and the credit union has done its homework. “Everyone thinks we rubber stamp them,” she said, adding the agency does not. She said the transaction must make sense, and that the agency has be sure of the risk that the insurance fund is taking on with the transaction.