FinCEN ANPRM: No-Action Letters

FinCEN ANPRM: No-Action Letters
Prepared by NASCUS Legislative & Regulatory Affairs Department
June 2022

FinCEN has issued an advance notice of proposed rulemaking (ANPRM) soliciting public comment on questions relating to the implementation of a no-action letter process. The no-action letter process at FinCEN may affect or overlap with other forms of regulatory guidance and relief FinCEN currently offers, including administrative rules and exceptive or exemptive relief. Therefore, the ANPRM seeks input from the public on whether a no-action letter process should be implemented and, if so, how the no-action letter process should interact with those other forms of relief.

Comments are due to FinCEN by August 5, 2022.

Summary

Section 6305(a) of the Anti-Money Laundering Act of 2020 (the AML Act) requires FinCEN to assess whether a no-action letter process should be established in response to inquiries concerning AML or countering the financing of terrorism (CFT) laws and how regulations apply to specific conduct.

The “no-action” letter is “a form of an exercise of enforcement discretion wherein an agency issues a letter indicating its intention not to take enforcement action against the submitting party for the specific conduct presented to the agency.” Such letters “address only prospective activity not yet undertaken by the submitting party.”

FinCEN submitted a Report to Congress on June 28, 2021, as required under 6305(b) of the AML Act,  concluding that FinCEN should undertake a rulemaking to establish a no-action letter process to supplement the existing forms of regulatory guidance.

Regulatory Relief

FinCEN currently provides two forms of regulatory guidance. It may issue an administrative ruling that applies FinCEN’s interpretation of the Bank Secrecy Act (BSA), or it may provide exceptive/exemptive relief by granting an exception or exemption from BSA requirements in specific circumstances. An example of such a ruling/exception can be found here.

The no-action letter would provide a third form of guidance and would generally permit a submitting party to seek potential guidance from FinCEN indicating whether FinCEN would pursue or recommend enforcement action for specific conduct identified by the submitting party.

The AML Act and the No-Action Letter Report

The primary benefits of the no-action letter process identified in the 2021 Report include “promoting a robust and productive dialogue with the public, spurring innovation among financial institutions, and enhancing the culture of compliance and transparency in the application and enforcement of the BSA.”

Questions for Comment

The ANPRM consists of 48 questions. The questions include general questions related to the findings contained in the Assessment. In addition to the general questions, FinCEN is also seeking comment on several categories:

  • The contours and format of a FinCEN no-action letter process;
  • FinCEN jurisdiction and no-action letters;
  • Changed circumstances; revocation;
  • No-action letter denials and withdrawals; confidentiality; and
  • Consultation

NASCUS has highlighted some of those questions below.

  • While FinCEN has no legal authority to prevent another agency, including a Federal functional regulator or the DOJ, from taking an enforcement action under the laws or regulations that it administers, are there additional points FinCEN should consider in assessing the viability of a cross-regulator no-action letter process? What is the value of establish a FinCEN no-action letter process if other regulators with jurisdiction over the same entity do not issue a similar no-action letter?
  • Would a no-action letter process involving FinCEN only be useful? Why or why not?
  • To what extent would an institution be able to rely on a no-action letter from FinCEN if the institution is subject to oversight and examination for the same or similar matters by another agency?
  • What impact would a FinCEN-only no-action letter process or a cross-regulator no-action process have on State, local, or Tribal regulators?
  • Should FinCEN establish via regulation any limitations on which factual circumstances would be appropriate for a no-action letter? If yes, what should those limitations be?
  • Should FinCEN limit the scope of no-action letters so that such requests may not be submitted during a BSA or BSA-related examination—including when the subject of the request is already a matter under examination, or when it becomes a matter under examination while the no-action letter process is ongoing?
  • Would it be valuable for FinCEN provide to information from a no-action letter request to agencies with delegated examination authority under 31 CFR 1010.810 for the purpose of evaluating specific conduct addressed in a no-action letter request, including, among other things, to obtain information that may inform FinCEN’s response to the request?
  • How should the no-action letter process apply to agents, third parties, domestic affiliates, and foreign affiliates that may be conducting anti-money laundering or BSA functions on behalf of a financial institution either inside or outside the United States?
  • Should a change in the overall business organization, such as when two entities merge or one entity acquires another, cause a no-action letter to lose its effect? If so, under what circumstances? If not, how would such a no-action letter continue to apply?
  • Should FinCEN publicize standards governing the revocation of no-action letters, or should revocation be determined on a case-by-case basis?
  • If a no-action letter is revoked, how should FinCEN handle conduct that occurred while the no-action letter was active? In particular, would a rescission result in potential enforcement actions only for conduct after the rescission date, or would an entity also potentially be subject to liability for conduct that occurred while the now-revoked letter was active? Would the answer depend on the basis for the revocation?
  • Should FinCEN create an appeals or reconsideration process for no-action letter denials? What factors and procedures should this process involve?
  • Should FinCEN publish denials on its website? If so, what level of detail and type of information should be included? For example, should denials be anonymized?
  • Should FinCEN maintain the confidentiality of no-action letters for a period of time, or indefinitely, after granting them? Under what circumstances should FinCEN maintain confidentiality?
  • Should no-action letters be used as published precedents? If so, under what circumstances and conditions should they be precedential? Should no-action letters be applicable beyond the requesting institutions, and under what circumstances and conditions?
  • If no-action letters and their underlying requests are made public, how should FinCEN handle content that is confidential or sensitive, such as triggering mechanisms for suspicious activity report (SAR) reviews?
  • What procedures should be put in place for FinCEN to consult with other relevant regulators or law enforcement agencies regarding no-action letter requests?
  • How can FinCEN best balance the need to consult other regulators or law enforcement with the desires of submitting parties for confidentiality and expediency?
  • Should FinCEN require a submitting party that is seeking a no-action letter to identify all of its regulators? Should FinCEN require that institution to identify all of the regulators of its parent or subsidiary corporations?
  • Under what circumstances other than consultation should information FinCEN obtains through the no-action letter process be shared with other Federal, State, local, and Tribal agencies, including the U.S. Department of Justice?
  • What value or benefit does a no-action letter bring that is distinct from an administrative ruling, or from exceptive or exemptive relief?

CFPB Summary re: Request for Information Regarding Relationship Banking and Customer Service
Docket No. CFPB 2022 0040

The Consumer Financial Protection Bureau (CFPB) is seeking comments from the public related to relationship banking and how consumers can assert the right to obtain timely responses to requests for information about their accounts from banks and credit unions with more than $10 billion in assets, as well as from their affiliates.

Comments must be received by August 22, 2022.  The request for information (RFI) can be found here, https://www.govinfo.gov/content/pkg/FR-2022-06-21/pdf/2022-13207.pdf.

Summary:

Section 1034(c) of the Consumer Financial Protection Act (CFPA) gives consumers a legal right to obtain information from the approximately 175 largest banks and credit unions in the country with more than $10 billion in assets, as well as from their affiliates.  Through this statutory authority, consumers are able to gain valuable insight into their accounts by requesting certain account information from their depository institution.

This request for information seeks feedback from the public on what customer service obstacles consumers face in the banking market and, specifically, what information would be helpful for consumers to obtain from depository institutions pursuant to Section 1034 of the CFPA.  The Bureau encourages the public to submit stories, data and information related to this RFI.  To assist in the development of responses, the CFPB has provided the following prompting questions:

  • What types of information do consumers request from their depository institution? How are consumers using the information?
  • What types of information do consumers request from their depository institutions, but are often unable to obtain?
  • How does the channel (phone, in-writing, online, in-person) through which consumers request information impact their ability to obtain information?
  • How do consumers’ customer service experiences differ depending on the channel through which they interact with their depository institution (phone, in-writing, online, in-person)?
  • How are customer service representatives evaluated and compensated, and how might compensation structure and incentives impact the service provided?
  • What customer services obstacles have consumers experienced that have adversely affected their ability to bank?
  • What unique customer service obstacles do immigrants, rural communities, or older consumers experience?
  • What are typical call wait times?
  • How often are calls dropped or disconnected? How often do companies use automated and digital communication channels such as interactive voice response (IVR) systems and online chat functions?
  • Are there any fees associated with customer service or requests for information?
  • What are the most important customer service features or experiences that help produce satisfactory banking relationships between financial institutions and consumers?
  • Please explain the value of consumers having access to the following information pertaining to their accounts:
  • Internal or external communications about an account
  • A listing of all companies that are provided with information about an account.
  • The purposes for which information about a consumer’s account are shared.
  • Any compensation that a depository institution receives for sharing information about an account.
  • Any conditions placed on the use of information about an account.
  • A listing of all companies with authorization to receive automatic reoccurring payments from an account.
  • Information reviewed or used in investigating a consumer’s dispute about an account.
  • Any third-party information used to make account decisions about consumers, including but not limited to consumer reports and credit or other risk scores.
  • What information would be helpful for consumers to obtain from depository institutions in order to improve their banking experience?
  • How have methods of customer engagement changed as a result of the COVID-19 pandemic?

 

 

 

 

 

 

NCUA Letter to Credit Unions 22-CU-07: Federally Insured Credit Union Use of Distributed Ledger Technologies

NCUA has issued LTCU 22-CU-07 to address the increased use of financial technology by credit unions in their operations and clarify its expectations for credit unions contemplating the use of new or emerging distributed ledger technologies (DLT).  This is NCUA’s second LTCU on this issue, as LTCU 21-CU-16 was issued December 2021.

The LTCU identifies the agency’s expectations related to DLTs and explains that credit unions may appropriately use DLT as an underlying technology.  The following areas are considerations and NCUA’s expectations for FICUs, however, the NCUA notes this list should not be construed as all inclusive. Federally insured state-chartered credit unions should also look to their own state laws for permissibility prior to adopting DLT for existing operations.

Governance, Oversight and Planning

Project plans and risk assessments surrounding the implementation of a product, platform, or service using DLT should include the following at a minimum:

  • Credit union board of director awareness and oversight of all changes in technology, purposes of and how it aligns with the credit union’s strategic plan and approved risk tolerances.
  • Credit union staff and third parties using and managing the technology are complying with applicable laws and regulations and acting in a safe and sound manner.
  • Effective risk management practices are followed to identify, assess, and mitigate risks associated with DLT and the specific activities for which it will be deployed.
  • Risk assessment and audit functions can validate and attest to the effectiveness of risk-mitigation practices in accordance with internal policy and industry practices.

Risk and Risk-Mitigation Strategies

The LTCU also provides the specific questions that credit unions should consider as part of their due diligence efforts to ensure activities are permissible and in compliance with applicable laws and regulations.

  • What are the primary characteristics of the DLT network architecture?
  • Does the DLT exist within a private or public network?
  • Has the risk of compromise related to many points of entry (nodes) been assessed?
  • Are consensus mechanisms build into the DLT architecture immune to external exploitation?
  • How are permissions and identity management credentials managed?
  • By whom and how is governance over the network conducted?
  • What are the data quality control expectations among participants within the network?
  • Are DLT solutions deployed within a strictly governed coding process in accordance with industry leading practices?

Legal and Compliance Risk

  • Have the potential legal and compliance risks been assessed, including those related to maintaining confidentiality, privacy, data security, recordkeeping, and consumer and fraud protections?
  • When deploying the DLT, will the credit union comply with applicable laws and regulations, such as requirements of the Bank Secrecy Act (BSA), including customer due diligence, “Know Your Customer,” and anti-money laundering requirements?
  • Are each of the nodes on the DLT network BSA compliant?
  • If the application involves the use of smart contracts, is testing of the underlying architecture in place and documented? Has the credit union confirmed with whom and to what extent oversight, governance, and maintenance of the smart contract application reside and exist?

Strategic and Reputation Risk

  • Have potential strategic and reputational risks related to the DLT been identified, assessed, and mitigated?
  • Are consensus mechanisms built into the DLT architecture well understood by management?
  • Is a process in place to monitor emerging risks and changes in technology? Can the credit union or third-party apply changes in deployment and internal controls in response?
  • Do contracts with third-party vendors provide reasonable “exit strategies” in the event of deterioration in financial condition or service delivery by the vendor?

Liquidity Risk

  • Have potential liquidity risks been identified, assessed, and mitigated?

Third-Party Risk 

  • Have potential legal and compliance risks associated with new-entry participants and third-party agreements been assessed?
  • Have the appropriate due diligence steps been taken in the selection of the third party before entering a DLT arrangement? Has NCUA’s existing guidance on evaluating third-party relationships and third-party due diligence been reviewed?

Summary Guidance:
Interagency Question and Answers Regarding Flood Insurance

Prepared by NASCUS Legislative & Regulatory Affairs Department
May 2022

NCUA, together with the OCC, Federal Reserve Board, the FDIC, and FCA (together, the Agencies) have published revised guidance to assist lenders in meeting their responsibilities under Federal flood insurance law and increase public understanding of the Agencies’ respective flood insurance regulations.

In the 2021 proposed Q&A regarding private flood insurance and request for comment the Agencies indicated a plan to publish a final document in the Federal Register consolidating the proposed private flood insurance questions and answers, and the July 2020 questions and answers into one set of guidance. Those two documents have now been consolidated into one set of Interagency Questions and Answers Regarding Flood Insurance.  The new guidance replaces the previously published versions from 2009 and 2011.

Click here to download a pdf version of this summary. [PDF]

Summary

The newly consolidated guidance consists of 144 Questions and Answers (including 24 private flood insurance questions and answers). The full Q&A begins on page 153 covering a broad range of topics.  Some key topics addressed by the revisions include guidance related to amendments to the flood insurance laws as they apply to the escrow of flood insurance premiums, certain exemptions for detached structures, procedures for the force placement of insurance, and the acceptance of flood insurance policies issued by private insurers.

For ease of reference, the Agencies have reorganized the Q&As to provide a more “logical flow of questions through the flood insurance process for lenders, servicers, regulators, and policyholders.” Rather than numbering the Q&As successively through each category, each Q&A is designated by the category to which it belongs and then designated in numerical order for that category.

Furthermore, the Agencies have added three new Q&As, Applicability, Amount, and Condo and Co-op, to better address comments received and for organizational purposes.

The following table outlines the newly organized Section, specific category within that section and the number of questions per section.

 

Section Category No. of Questions
I Determining the Applicability of Flood Insurance Requirements for Certain Loans [Applicability] 15
II Exemptions from the Mandatory Flood Insurance Purchase Requirements [Exemptions] 7
III Private Flood Insurance – Mandatory Acceptance [Mandatory] 9
IV Private Flood Insurance – [Discretionary] 4
V Private Flood Insurance – General Compliance [Private Flood Insurance] 11
VI Required Use of Standard Flood Hazard Determination Form [SFHDF] 4
VII Flood Insurance Determination Fees [Fees] 2
VIII Flood Zone Discrepancies [Zone] 3
IX Notice of Special Flood Hazards and Availability of Federal Disaster Relief 7
X Determining the Appropriate Amount of Flood Insurance Required [Amount] 9
XI Flood Insurance Requirements for Construction Loans [Construction] 6
XII Flood Insurance Requirements for Residential Condominiums and Co-Ops [Condo and Co-Op] 6
XIII Flood Insurance Requirements for Home Equity Loans, Lines of Credit, Subordinate Liens, and Other Security Interests in Collateral Located in an SFHA [Other Security Interests] 12
XIV Requirement to Escrow Flood Insurance Premiums and Fees – General [Escrow] 7
XV Requirement to Escrow Flood Insurance Premiums and Fees – Small Lender Exception [Escrow Small Lender Exception] 7
XVI Requirement to Escrow Flood Insurance Premiums and Fees – Loan Exceptions [Escrow Loan Exceptions] 5
XVII Force Placement of Flood Insurance [Force Placement] 16
XVIII Flood Insurance Requirements in the Event of the Sale or Transfer of a Designated Loan and/or Its Servicing Rights [Servicing] 7
XIX Mandatory Civil Money Penalties [Penalty] 2

The following highlights pertinent sections of the Q&A for ease of reference.

Escrow of Flood Insurance Premiums

Requirement to Escrow Flood Insurance Premiums and Fees – General (Escrow)

Establishment of Escrow Accounts

  • Requirement for any designated loan secured by residential real estate or a mobile home that is made, increased, extended or renewed on or after 1/1/2016
  • A lender must escrow for flood insurance under the Regulation even if it does not escrow for taxes and insurance.
  • Lenders must escrow force-placed insurance – unless the lender qualifies for an exception.

Loan-related exceptions:

  • A loan is an extension of credit primarily for business, commercial, or agricultural purposes;
  • A loan that is in a subordinate position to a senior lien secured by the same property for which the borrower has obtained adequate flood insurance coverage;
  • A loan that is covered by a condo association, cooperative or homeowners association or other applicable group’s adequate flood insurance policy;
  • A loan that is a home equity line of credit;
  • A loan that is a nonperforming loan that is 90 days or more past due; or
  • A loan that has term not longer than 12 months.
  • Small lender exception
  • If a lender no longer qualifies for the small lender exception, it must escrow all premiums and fees for any flood insurance required

Subordinate Lienholder

  • Subordinate lienholders are not required to escrow for flood insurance as long as the borrower has obtained flood insurance coverage that meets the mandatory purchase requirement. The junior lienholder or its servicer must ensure that adequate flood insurance is in place.
  • If adequate insurance has not been obtained by the first lienholder and insurance must be purchased in connection with the second mortgage to meet the mandatory purchase requirement, the junior lender or its servicer would need to escrow the insurance obtained in connection with the second mortgage.
  • Does not apply to subordinate lien if subordinate lien is a HELOC

Requirement to Escrow Flood Insurance Premiums and Fees – Escrow Small Lender Exception (Escrow Small Lender Exception)

Small Lender Exception Applicability – on or after July 6, 2012

  • Lender was not required under Federal or State law to deposit taxes, insurance premiums, fees, or any other charges in an escrow account for the entire term of any loan secured by residential improved real estate or a mobile home; and
  • Did not have a policy of consistently and uniformly requiring the deposit of taxes, insurance premiums, fees or other charges in an escrow account for any loans secured by residential improved real estate or a mobile home

HMPL Loans

  • Federal law in effect on or before July 6, 2012, permitted a borrower to request cancellation of the escrow rather than apply for the entire term of the loan – therefore HPML escrow requirements would not result in the loss of the escrow exception for a small lender that made an HPML – covered loan prior to 1/6/ 2012

USDA/FHA Loans

Such loans under Federal law, require the deposit of taxes, insurance premiums, fees, and other charges in an escrow account for the entire term of the loan – therefore the small lender exception would not apply.

Option to Escrow Notice

  • Loans outstanding as of 1/1//2016, must receive notice only to lenders who have a change in status & no longer qualify for the small lender exception
  • Such lenders are required to provide the option to escrow notice by September 30 of the first calendar year in which the lender has had a change in status pursuant to the regulation.
  • The notice does not apply to outstanding loans or lenders that are excepted from the general escrow requirement under the regulation.
  • Option to escrow notice does not apply to loans that are not subject to the mandatory flood insurance purchase requirement.
  • Lenders that qualify for the small lender exception are not required to provide borrowers the escrow notice or the option to escrow unless the lender no longer qualifies for the small lender exception.

Waiver of Escrow

  • If a borrower waives escrow of flood insurance premiums and fees, the lender exception for sending a notice no longer applies. The Regulation does not exclude loans for which borrowers have previously waived escrow from the requirement to offer and make available the option to escrow flood insurance premiums and fees.
  • Lenders/Servicers must send a notice of the option to escrow to borrowers who waived escrow

Requirement to Escrow Flood Insurance Premiums and Fees – Escrow Loan Exceptions

Exceptions

  • Extensions of credit primarily for business, commercial or agricultural purposes are not subject to the escrow requirement for flood insurance premiums and fees, even if such loans are secured by residential improved real estate or a mobile home.
  • Escrow requirements would not apply to a loan secured by a particular unit in a multi-family residential building if a condo association, cooperative, homeowners association, or other applicable group provides an adequate policy and pays for the insurance as a common expense.
  • Construction to permanent loans do not qualify for the 12-month exception from escrow, even if one phase of the loan is 12 months or less, given that these loans are generally 20 – 30-year loans. A 12-month phase is not considered a true closing.
  • If at any time during the term of the loan a lender determines that a subordinate lien exception no longer applies, the lender must begin escrowing flood insurance premiums and fees as soon as reasonably practicable (unless another exception applies).
  • Lenders should ensure that loan documents for subordinate liens permit the lender to require an escrow if the loan takes a first lien position.
Exemptions for Detached Structures

Exemptions from the Mandatory Flood Insurance Purchase Requirements

Detached Structures

  • The Regulation does not apply a structure that is detached from the primary residential structure and does not serve as a residence.
  • A borrower may still elect to purchase flood insurance
  • The lender does not have to take a security interest in the primary residential structure for detached structures to be eligible for exemption.
  • The term “a structure that is part of a residential property” in the detached structure exemption applies only to structures for which there is a residential use and not to structures for which there is a commercial, agricultural or business use.
  • A flood hazard determination is required even when the secured property contains detached structures for which coverage is not required, in order to determine whether a building or mobile home securing a loan is or will be located in an SFHA.
  • If a borrower has flood insurance on a detached structure that is part of the residential property but does not serve as a residence, the lender is no longer mandated by the Act to require flood insurance on that structure and may allow the borrower to cancel the policy.
  • If a triggering event occurs the lender is required to examine the status of detached structures to determine whether the structure exemption still applies.
Procedures for Force Placement of Insurance

Force Placement of Flood Insurance – Force Placement

Force Placement

  • When a lender makes the determination that the collateral securing the loan is uninsured or underinsured, it must begin the force placement process. The lender or servicer must notify the borrower that the borrower must obtain flood insurance, at the borrower’s expense, in an amount at least equal to the minimum amount required under the regulation.
  • If the borrower fails to obtain appropriate insurance within 45 days of the lender’s notification the lender must purchase flood insurance on the borrower’s behalf.
  • It must be the full amount required under Regulation
  • The lender must provide notice to the borrower of force placement of insurance upon making the determination that the loan is not covered by flood insurance or in an amount less that the amount required
  • When force placement occurs, the Regulation requires a minimum amount of flood insurance to be “at least equal to the lesser of the outstanding principal balance of the designated loan or the maximum limit of coverage available for the particular type of property under the Act.”

Charging for Force Placed Insurance – What is considered a triggering event?

  • Capitalizing the premium and fees into outstanding principal balance
  • If the lender’s loan contract with the borrower includes a provision permitting the lender to advance funds for flood insurance as additional debt to be secured by the building/mobile home – such an advancement would be considered part of the loan and would not be considered a triggering event.
  • IF there is no explicit provision permitting this type of advancement of funds in the loan contract the capitalization of premiums would be considered an “increase” in the loan amount and thus considered a triggering event because no advancement of funds was contemplated as part of the loan.
  • Adding the premium and fees to a separate account
  • If the lender accounts for and tracks the amount owed on force placed insurance premiums and fees in a separate account, this is not considered a triggering event
  • Advancing funds from the escrow account to pay for the premium and fees
  • If the lender’s contract permits the advancement of premiums from the borrower’s escrow account – this is not considered a triggering event
  • Billing the borrower directly for the premiums and fees
  • If the lender bills the borrower directly for the cost of force placed insurance, this is not considered a triggering event

Refunding premiums

  • The Regulation requires the refund of force placed insurance premiums and any related fees charged to the borrower for any overlap period within 30 days of receipt of a confirmation of a borrower’s existing flood insurance coverage without exception.

Expiration

  • The Regulation does not require a lender to send a notice to the borrower prior to renewing a force placed policy. The lender may notify the borrower if they are planning to renew or have renewed the policy.

Monitoring Coverage

  • There is no regulatory requirement to monitor coverage over the life of the loan. For purposes of safety and soundness many lenders choose to monitor for continuous coverage.
Acceptance of Private Flood Insurance

Private Flood Insurance – Mandatory Acceptance

  • Lenders are only required to accept flood insurance policies issued by a private insurer that meet the definition of private flood insurance under the Regulation, as long as the policy meets the amount of insurance required.
    • A lender is not required to accept flood insurance that only meets the criteria set forth in discretionary acceptance.
  • Lenders are not required to originate a loan that does not meet their underwriting criteria, e.g., a loan in non-participating communities or coastal barrier regions where the NFIP is not available.

Use of Compliance Statement

  • A lender may choose to rely upon the compliance aid statement and would not need to review the policy further to determine if the policy meets the definition of “private flood insurance.”
    • A lender may not reject the policy solely on the lack of the compliance aid statement and not required to accept it on the statement alone, but rather may choose to review the policy in its entirety to determine if it meets the definition of “private flood insurance.”
  • In order for the lender to rely on the compliance aid statement without further review of the policy, the language of the statement must be stated in the policy, or as an endorsement to the policy.
    • If the language is different the lender cannot rely on the protections of the compliance aid statement.

Private Flood Insurance – Discretionary Acceptance

Policy acceptance

  • Lenders are not required to accept flood insurance policies that only meet the discretionary criteria. Discretionary criteria are set forth in the Regulation
    • It is at the lender’s discretion to accept a policy that meets the discretionary acceptance criteria
  • If a lender accepts a policy that they determine meets the discretionary criteria the lender must document its conclusion in writing that the policy provides sufficient protection of the loan, consistent with general safety and soundness principles.

Factors to consider:

  • A policy’s deductible is reasonable based on the borrower’s financial condition;
  • The insurer provides adequate notice of cancellation to the mortgagor and mortgagee to allow for timely force-placement of flood insurance, if necessary
  • The terms and conditions of the policy, with respect to payment per occurrence or per loss and aggregate limits, are adequate to protect the regulated lending institution’s interest in the collateral;
  • The flood insurance policy complies with applicable State insurance laws; and
  • The private insurance company has the financial solvency, strength, and ability to satisfy claims.

Private Flood Insurance – General Compliance

Maximum Deductible

  • For purposes of compliance with the mandatory acceptance provision, the Regulation provides that a policy must provide coverage at least as broad as the coverage provided under an SFIP for the same type of property, including a deductible that is no higher than the specified amount under an SFIP for any total coverage amount up to the maximum available under the NFIP at the time the policy is provided to a lender.
  • The lender should consider whether the deductible is reasonable based on the borrower’s financial condition and other factors.
  • If a lender is accepting a private flood insurance policy under the mandatory acceptance provision, the Regulation requires that the private flood insurance policy be at least as broad as an SFIP, which includes a requirement that the private flood insurance policy contain a deductible no higher than the specified maximum deductible for an SFIP

Private Flood Insurance & Secondary Market Investors

  • The requirements for secondary market are separate from Regulation and lenders must comply with Federal flood insurance requirements.
  • Lenders should carefully review the separate requirements for secondary market investors to determine what is acceptable regarding private flood insurance if the lender plans to sell the loan to such investors.

New Policy

  • Any time a borrower presents the lender with a new flood insurance policy issued by a private insurer the lender must review the policy to determine whether it meets the private flood insurance requirements.

 

CFPB Summary: Advisory Opinion re: Equal Credit Opportunity Act (ECOA) Revocations/Change of Terms

12 CFR Part 1002

The Consumer Financial Protection Bureau (CFPB) issued an advisory opinion to affirm that the Equal Credit Opportunity Act (ECOA) and Regulation B protects not only those actively seeking credit but also those who sought and have received credit.

The advisory opinion became effective on May 18, 2022 and may be accessed here.

Summary

  • The Bureau notes that Congress enacted the ECOA in 1974 to (initially) address discrimination with regard to granting credit to women. From the start, the prohibition was designed to protect consumers actively seeking credit and those who have sought and received credit.  Accordingly, the Bureau notes that the ECOA defined “applicant” as “any person who applies to a creditor directly for an extension, renewal, or continuation of credit or applies to a creditor indirectly by use of an existing credit plan for an amount exceeding a previously established credit limit.” The opinion notes that the drafters of the statute emphasized that the ECOA’s prohibition on discrimination applied to all credit transactions including the approval, denial, renewal, continuation or revocation of any open-end consumer credit account.
  • The opinion notes that Regulation B has always defined the term “credit transaction” to encompass “every aspect of an applicant’s dealings with a creditor,” including elements of the transaction that take place after credit has been extended. In addition, Regulation B has always defined the term “applicant” to include those who have applied for and have received credit.
  • The ECOA’s disclosure provision also requires creditors give a statement of reasons to “each applicant against whom they take “adverse action,” which is defined by the Act to include “a revocation of credit as well as a change in the terms of an existing credit arrangement.”
  • The opinion notes that this interpretation is reflected in the Bureau’s Supervision and Examination Manual and is supported by the statutory text, legislative history and legal analysis.
  • This advisory opinion is applicable to all “creditors” as defined under Section 702 of the ECOA.
Joint Proposed Rule Summary: Rules of Practice and Procedure

NASCUS Legislative and Regulatory Affairs Department | May 14, 2022

The NCUA, OCC, FDIC, and Federal Reserve have published a joint Notice of Proposed Rulemaking: Rules of Practice and Procedure. If finalized, the proposal would amend the Uniform Rules of Practice and Procedure to “recognize the use of electronic communications in all aspects of administrative hearings and to otherwise increase the efficiency and fairness of administrative adjudications.”

In addition, the OCC, Federal Reserve, and FDIC are proposing to modify each of their respective administrative practice and procedure rules. Occ also intends to integrate its rules with the Uniform Rules so that only one set of rules would apply to national banks and Federal savings associations.

The deadline to submit a comment is June 13, 2022. The proposed rule may be read in its entirety here.

Summary

The Financial Institutions Reform, Recovery and Enforcement Act of 1989 (FIRREA) required NCUA, the federal banking agencies (FBAs) to develop uniform rules and procedures for administrative hearings. In August 1991, NCUA and the FBAs each adopted final Uniform Rules as well as agency specific rules. Amendments to those rules were made in 1996, but otherwise the rules have remained generally unchanged.

Prior to 2005, NCUA and the FBAs only accepted paper pleadings. However, beginning in 2005, the Office of Financial Institution Adjudication (OFIA) established a dedicated electronic mailbox to accept electronic pleadings and service and, by 2006, paper pleadings were virtually eliminated in administrative hearings. Without rules in place to address electronic pleadings, the Administrative Law Judges (ALJs) opted to dictate procedures pertaining to electronic filing and other items on an ad hoc basis.

The changes proposed by this rule would modify the Uniform Rules to accommodate electronic pleadings and communications in administrative hearings and make other improvements based on NCUA’s and the FBA’s experience gained over the past years. References to the Office of Thrift Supervision (OTS) would be removed as OTS was abolished in 2011. In addition, the OCC, Federal Reserve, and FDIC propose to amend certain sections of their Local Rules that they believe should be updated, improved, or clarified and the OCC proposes to consolidate its uniform and local rules.

Proposed changes include:

  • Terminology and Nomenclature – Gender specific references would be replaced with gender neutral terminology consistent with Federal Register drafting guidelines (see https://www.archives.gov/federal-register/write/legal-docs/clear-writing.html). The word “shall” will be replaced by the terms ‘‘must,’’ ‘‘will,’’ or other appropriate language and the abbreviation ‘‘ALJ’’ will be used for ‘‘administrative law judge.’’
  • Civil Money Penalties & HOLA – the list of civil money penalties will be updated to include §5, §9, and §10 of the Home Owners’ Loan Act (HOLA).
    This update does not affect credit unions as the relevant sections of HOLA are applicable to Federal savings associations now supervised by the OCC, State-chartered savings associations now supervised by the FDIC, and savings and loan holding companies supervised by the Federal Reserve Board.
  • References to OTS will be deleted.
  • Electronic Signatures – a definition of the term ‘‘electronic signature’’ will be added in the definitions section to align with proposed changes allowing electronic signatures to be used to satisfy good faith certification requirements.
  • Administrative Law Judges – the term ‘‘other orders’’ would be added to the list of specific orders an ALJ is authorized to issue, quash, or modify to clarify that the authority of the ALJ to issue orders is not limited to subpoenas, subpoenas duces tecum, and protective orders. To improve clarity, the term ‘‘presiding officer’’ would be replaced by ‘‘ALJ.’’
  • Appearances in Person – changes would simplify this section to make clear that an individual may appear on their own behalf. Another change would require a notice of appearance include a written acknowledgment that the individual has reviewed and will comply with the Uniform Rules and Local Rules.
  • Good Faith Certification – proposed changes would require that the counsel of record, including an individual who acts as their own counsel, include a mailing address, an electronic mail address, and a telephone number with every certification. Other changes would permit electronic signatures to satisfy the signature requirements of the certification.
  • Ex Parte Communications – changes would clarify that upon the occurrence of ex parte communication, the ALJ or the Agency Head must determine whether any action in the form of sanctions should be taken concerning the ex parte communication. To better align the Uniform Rules with §5 of the Administrative Procedure Act, language would be added stating that the ALJ may not consult with a person or party on a fact in issue without giving all parties notice and an opportunity to participate and may not be responsible to or subject to the supervision or direction of an employee agent engaged in the performance of investigative or prosecuting functions for any of the Agencies. Finally, terminology would changed to refer to “administrative” or “judicial” proceedings rather than “public” proceedings.
  • Filing of Papers – this section would be updated to remove outdated references to transmission by electronic media and replace it with a section stating that filing may be accomplished by electronic mail or other electronic means designated by the Agency Head or the ALJ. Furthermore, references to specific carriers and names mail delivery services would be changed to generic references. Changes to the section related to the filing of papers would require inclusion of:
    • mailing address
    • electronic mail address
    • telephone number of the counsel or party making the filing.

The provision requiring copies to be filed will be deleted.

  • NCUA would delete from its rules references to change-in-control proceedings from part 747 which do not apply to credit unions.
  • Service of Papers – proposed changes would provide for electronic filing and simplify and update the descriptions for other, non-electronic, means of filing. Additional changes would mandate that any papers required to be served by the Agency Head or the ALJ upon a party that has appeared in the proceeding will be served by electronic mail or other electronic means. Non-electronic methods of service will be preserved as an option for parties that do not appear in person.
  • Construction of Time Limits – changes would establish that papers transmitted electronically are deemed filed/served upon transmittal by the serving party. Existing times for non-electronic methods of filing and service would be retained. In the case of service by electronic mail or other electronic means, the time limits for responding would be calculated by adding one calendar day to the prescribed period. In the case of overnight mail service, the rule would provide for the addition of two calendar days, rather than one, and the addition of three calendar days for service made by mail.
  • Witness Fees and Expenses – the proposal would clarify that all witnesses, including an expert witness who testifies at a deposition or hearing, will be paid the same fees for attendance and mileage as are paid in US District court proceedings when US is a party. Additional changes would clarify that NCUA and FBAs are not required to pay witness fees/mileage for testimony by a party.
  • Opportunity for Informal Settlement – this provision would be amended to clarify the existing rule that an offer or proposal for informal settlement may only be made to Enforcement Counsel.
  • Commencement of Proceeding and Contents of Notice Section – proposed changes related to service of notice to the proceedings include:
    • Enforcement Counsel may serve the notice upon counsel for the respondent, rather than the respondent
    • Clarification that notice pleading applies in administrative
    • Change “a statement of the matters of fact or law showing the [Agency] is entitled to relief’’ to simply ‘‘matters of fact or law showing that the [Agency] is entitled to relief.’’
  • Answer – proposed amendment will establish an unappealable default judgment in favor of the Agency if a respondent fails to request a hearing as required by law within the applicable time frame.
  • Scope of Document Discovery – proposed change would update the definition of the term ‘‘documents’’ in § ll.24(a)(1) to include not only writings, drawings, graphs, charts, photographs, and recordings, but electronically stored information and data or data compilations stored in any medium from which information can be obtained. Additional proposed changes would clarify the list of privileges applicable to otherwise discoverable documents:
    • attorney-client privilege and the work-product doctrine
    • bank examination privilege
    • law enforcement privilege

Furthermore, the proposal would require that document discovery, including all responses to discovery requests, completed by the date set by the ALJ and no later than 30 days prior to the date scheduled for the start of the hearing.

  • Request for Document Discovery by Parties- under the proposal, this section would be reorganized and renamed ‘‘Document requests.’’ In addition, proposed changes would add a paragraph stating that a party may serve another party a request to not only produce discoverable documents but to permit the inspection or copying of discoverable documents. New language would also allow a party responding to a request for inspection to produce electronically stored information instead of permitting inspection and would require that, unless a particular form is specified by the ALJ or agreed upon by the parties, the producing party must produce copies of documents as they are kept in the usual course of business. The producing party would pay its own costs to respond to a discovery request unless otherwise agreed by the parties. Finally, the proposal would specify the following privileges related to document production requests:
    • attorney-client privilege and work product doctrine,
    • bank examination privilege
    • law enforcement privilege
    • government deliberative process privilege
    • and any other privileges of the Constitution, any applicable act of Congress, and other principles of common law
  • Document Subpoenas to Non-Parties – proposed amendment would allow a person subpoenaed for documents to file a motion to quash or modify such subpoena with the ALJ.
  • Deposition of Witness Unavailable for Hearing – the proposed changes would require that the application for a subpoena state the manner in which the deposition is to be taken, in addition to the time and place, and provide explicitly that a deposition may be taken by remote means. Additional changes provide that a court reporter or other person authorized to administer an oath may administer the oath remotely without being in the physical presence of the deponent and provides for obtaining court ordered compliance with issued subpoenas.
  • Summary Disposition – proposed changed would require that a request for a hearing on a motion be made in writing. This change will formalize the process of requesting a hearing and increase the clarity of the process.
  • Scheduling and Prehearing Conferences – changes would clarify that a prehearing conference must be set within 30 days of service of the notice, or an order commencing a proceeding and eliminate the option in the current rule for the parties to agree on another time. References to telephone conferences would be eliminated to make the provision technology neutral.
  • Prehearing Submission – the time for a party to file prehearing submissions with the ALJ would be extended from 14 days to 20 days before the start of the hearing. Additional changes would require the submission of a prehearing statement that states the party’s position with respect to the legal issues presented, the statutory and case law upon which the party relies, and the facts the party expects to prove at the hearing. Also, final witness lists, must include the name, mailing address, and electronic mail address for each witness. Further clarifications would make clear the witness list need not identify the exhibits to be relied upon by each witness.
  • Conduct of Hearings – new rules would the ALJ to establish procedures for the use of electronic presentations.
  • Evidence Section – the proposal would replace the terminology ‘‘direct interrogation” with the term “direct questioning.”

Letter to Credit Unions 22-CU-06: NCUA to Begin Phase 2 of Resuming Onsite Operations
April 2022

Based on new guidance from the Centers for Disease Control and Prevention (CDC) and the Safer Federal Workforce Task Force, the NCUA will enter the second phase (Phase 2) of resuming its onsite operations on April 11, 2022.

Phase 2 permits NCUA staff to volunteer to work onsite, including conducting examination and supervision work at credit unions located in counties with low or moderate COVID-19 community levels, as defined by the CDC. Onsite work in counties with high COVID-19 community levels may be allowed when necessary and with prior approval from NCUA management.

During Phase 2, the agency will continue to conduct examination steps offsite when feasible and appropriate. NCUA staff working onsite in credit unions will generally be expected to follow credit union policies related to safety, to the extent they exceed the NCUA’s safety protocols for Phase 2. Also, the NCUA will continue to maintain heightened safeguards in the agency’s facilities to ensure the health and safety of staff and visitors. The agency will continue to monitor the course of the pandemic closely and adjust workforce safety plans, as necessary.

 

Letter to Credit Unions 22-FCU-02: Final Rule on Definition of Service Facility
March 2022

The final rule amending the definition of “service facility” for multiple common-bond FCUs became effective December 27, 2021. The final rule provides that shared locations are service facilities for purposes of multiple common-bond FCU additions of groups and/or underserved areas, regardless of whether the FCU has an ownership interest in the shared branching network providing the locations. Qualifying shared locations include electronic facilities offering required services such as video teller machines.

The final rule only changes the ownership requirement related to shared locations. All other requirements related to service facilities, eligibility of groups, and the qualifications of underserved areas remain unchanged.

The letter outlines requirements for multiple common-bond FCUs looking to add occupational or associational groups, or an underserved area. NCUA emphasizes that the process for establishing an area qualifying as an underserved area remains the same. The agency also notes that it will remove an underserved area from an FCU’s field of membership and reserves the right to take other supervisory action if it determines that an FCU has not maintained a service facility in the underserved area.

Finally, multiple common-bond FCUs expanding around a shared facility must continue to comply with all applicable consumer financial protection and anti-discrimination laws.

Federal Reserve Board Issues Discussion Paper: “Money and Payments: The U.S. Dollar in the Age of Digital Transformation”

January 2022

SUMMARY

In January, the Federal Reserve Board (Fed) issued a discussion paper entitled “Money and Payments: The U.S. Dollar in the Age of Digital Transformation” (Paper). The Paper explores:

  • The advantages and disadvantages of the Fed issuing a central bank digital currency (CBDC or digital dollar); and
  • The key design considerations of such a currency

The Fed also solicited feedback from the public, with comments due May 20, 2022.

For the purpose of the Paper, the Fed defined a CBDC as a digital liability of a central bank that is widely available to the general public: a CBDC would be analogous to a digital form of paper money.

SUMMARY

The Paper intentionally does not take a position in favor of or opposing the creation of a digital dollar. Rather, it raises several high-level but critical potential benefits and risks of a digital dollar. The Fed views the Paper as a “first step in a public discussion between the Federal Reserve and stakeholders about central bank digital currencies.” Issuance of a digital dollar “is not imminent.” The Paper does, however, reiterate Chairman Powell’s publicly expressed view that the Fed should only create a digital dollar if Congress clearly authorizes the Fed to do so and the President supports the creation of one.

Were the Fed to create a CBDC, the following principles would guide the Fed in that effort:

  • A digital dollar’s benefits should outweigh the costs;
  • A digital dollar’s benefits should be provided more effectively by the digital dollar than alternatives;
  • A digital dollar should complement existing forms of money and financial services;
  • A digital dollar should protect consumer privacy and protect against crime; and
  • A digital dollar should have broad-based support.

To this end, the Paper argues that any digital dollar should be “privacy-protected, intermediated, widely transferable, and identity-verified.” Such a design could “provide households and businesses a convenient, electronic form of central bank money” that would support “faster and cheaper payments (including cross-border payments)” and promote financial inclusion.

However, the Fed is concerned that a digital dollar could reduce deposits in banks and credit unions, resulting in negative affects to credit markets and financial stability. Critically, the Paper notes that “Under an intermediated model, the private sector would offer accounts or digital wallets to facilitate the management of CBDC holdings and payments. Potential intermediaries could include commercial banks and regulated nonbank financial service providers and would operate in an open market for CBDC services.”

The Paper also raises concerns that a “CBDC could fundamentally change the structure of the U.S. financial system.” In particular, the Fed is concerned that a digital dollar could potentially reduce deposits in the banking system, thereby undermining credit availability and reduce demand for T-Bills and similar low risk assets (particularly if the digital dollar is interest bearing); encourage runs on financial institutions in times of stress (due to relatively safety and liquidity); and change the way the Fed can implement monetary policy. The Fed is also focused on privacy risks; and money laundering deterrence as well as cybersecurity and resiliency risks to the Fed’s payment systems.

The Fed’s Questions

The Fed is seeking public feedback on 22 questions. The questions are divided into two categories: the first 14 questions address CBDC Benefits, Risks, and Policy Considerations and the last 7 questions address the CBDC Design.

With respect to costs, benefits and policy considerations, the Fed seeks feedback on several relatively high level, wide-ranging issues. For instance, the Fed asks:

  • Whether the benefits of a CBDC could be achieved via other means and whether a CBDC would improve financial inclusion;
  • How a digital dollar may affect financial stability and the Fed’s ability to implement monetary policy;
  • How financial institutions would be affected (and how these affects would be different from privately issued stablecoins);
  • How to protect end users’ privacy without undermining anti-money laundering tools;
  • Whether a digital dollar should be legal tender; and
  • Methods by which to ensure cyber and operational resistance.

With respect to design, the Fed is interested in:

  • Whether a digital dollar should pay interest (and if so, via which mechanism);
  • Whether the amount of a digital dollar held by any specific end user should be limited;
  • Which entities should serve as intermediaries for a CBDC and how should they be regulated;
  • Whether the Fed should “maximize the ease of use and acceptance at point of sale”; and
  • How a digital dollar could be designed to achieve transferability across multiple payment platforms, including offline capabilities.

Additional Considerations

Development of a digital dollar is politically salient and controversial. For instance, Senate Banking Committee Chairman Sherrod Brown (D-OH) has called the Report a “good first step toward designing a central bank digital currency” that will promote financial inclusion and maintain the United States’ global financial leadership. Senator Brown has previously sponsored legislation authoring the Fed to issue a digital dollar and to create pass through Federal Bank accounts for certain consumers.

The Committee’s (outgoing) Ranking Member, Pat Toomey (R-PA), praised the Federal Reserve for focusing on the need for privacy protections and cautioning against retail Federal Reserve bank accounts. However, the Senator expressed concern about data security and whether a digital dollar could be used for peer-to-peer transactions. Ultimately, he praised the report as an “important step by the Fed in acknowledging the permanence of cryptocurrencies and their underlying technologies.”

Earlier this month, Congressman Tom Emmer (R-MN), a co-chair of the Congressional Blockchain Caucus, introduced legislation prohibiting the Federal Reserve from issuing a digital dollar whereas Congressman Don Beyer (D-VA) has introduced legislation authorizing the Fed to issue a digital dollar. Numerous Senators on the Banking Committee and other members of Congress have urged Chairman Powell not to discourage the co-existence of private stablecoins in the event that the Fed issues a digital dollar; the Chairman has stated publicly that privately issued stablecoins can continue to function in a system that includes a digital dollar.

Internationally, the Bank of International Settlements and the International Monetary Fund have been in favor of all major countries developing interoperable central bank digital currencies, in part due to concerns over perceived financial stability risks posed by stablecoins.

NCUA Risk Alert: 22-RISK-01 Heightened Risk of Social Engineering and Phishing Attack

March 2022

The on-going conflict in Ukraine has raised concerns about potential cyberattacks in the U.S., including those against the financial services sector. All credit unions and vendors, regardless of size, are potential targets for cyberattacks, like social engineering and phishing attacks, and must remain vigilant. Credit unions should report any cyber incidents to the NCUA, your local FBI field office or the Internet Crime Complaint Center, and the Cybersecurity and Infrastructure Security Agency (CISA).

Phishing is a technique that uses email or malicious websites to solicit personal information or to get victims to download malicious software by posing as a trustworthy entity. Another variant of phishing, known as smishing, uses SMS or other text messaging applications to get victims to click on malicious links to achieve similar goals to email phishing. NCUA’s Risk Alert outlines common indicators to watch out for along with tips to avoid being a victim of phishing.

The NCUA encourages credit unions to review CISA’s Shields-Up website, which provides information about cybersecurity threats, including several resources and mitigation strategies. The NCUA recently created the Automated Cybersecurity Evaluation Toolbox or ACET, a free tool for federally insured credit unions to use when evaluating their levels of cybersecurity preparedness. The ACET is a downloadable, standalone app developed to be a holistic cybersecurity resource for credit unions.

Additional cybersecurity resources are also available at www.ncua.gov/cybersecurity.

CFPB-2022-0002: Notice and Request for Comment Regarding CFPB’s Inquiry into Buy-Now-Pay-Later (BNPL) Providers

In December 2021, the Consumer Financial Protection Bureau (CFPB) opened market monitoring orders, inquiring into Buy-Now-Pay-Later (BNPL) products in the United States to gain information about the size, scope and business practices of the BNPL market.  The information will help the Bureau better understand how consumers interact with BNPL providers and how BNPL business models impact the broader e-commerce and consumer credit marketplaces.

Comments are due on March 25, 2022.  The notice and request for comments can be found here.

Summary

The Bureau’s market monitoring orders required five providers of BNPL products in the US to provide information about their size, scope, and business practices.  The Bureau listed six areas of specific interest:

  • Business model and transaction metrics
  • Loan performance metrics
  • Consumer protections
  • User contacts and demographics
  • Data harvesting
  • Data monetization

The Bureau invites all interested parties to submit comments to inform the agency’s inquiry.  In addition, the Bureau encourages comments re: particular aspects of BNPL products such as:

  • The consumer experience with BNPL products
  • The benefits/risks from BNPL products to consumers
  • The merchant experience with BNPL products
  • Regulator/Attorneys General perspectives on BNPL products
  • Ways the BNPL market can be improved
Letter to Credit Unions 22-CU-02 NCUA’s 2022 Supervisory Priorities
January 2022

NCUA’s Letter to Credit Unions (LTCU) 22-CU-02 identifies the agency’s supervisory priorities for 2022, which include:

Credit Risk Management

NCUA examiners will continue to review credit unions’ credit risk-management and mitigation efforts with the expectation that credit unions’ risk management practices will be commensurate with the level of complexity and nature of their lending activities. An area of emphasis for NCUA will be credit unions’ controls, reporting, and tracking of programs to help distressed borrowers.

For more information, see the Joint Statement on Additional Loan Accommodations Related to COVID-19, NCUA Letter to Credit Unions, 20-CU-13, Working with Borrowers Affected by the COVID- 19 Pandemic; and The Lending Programs section on the NCUA’s FAQs.

Information Security (Cybersecurity)

NCUA will continue to develop and pilot information security examination procedures tailored to credit unions of various sizes and complexity. NCUA’s goal is to have these procedures finalized this year. In 2021, NCUA released the ACET application, allowing credit unions of all sizes to conduct voluntary maturity assessments that align with the FFIEC cyber assessment tool (the CAT). More information on cybersecurity is available on NCUA’s Cybersecurity Resources webpage.

Payment Systems

Citing the growing complexity Payment products, services, and operations is a growing area of complexity and risk for credit unions and consumers. As the retail payments landscape increasingly shifts and grows to meet consumer demand for easier and faster electronic access to and settlement of funds, the corresponding risk to credit unions and their members also increases. Today’s environment of easy and fast electronic processing of transactions relies on technology, the applications and their controls, and the underlying security of the platforms facilitating the transactions. The changes in payment systems increase the risk of fraud, illicit use, and breaches of data security. The NCUA will include an increased focus in this area.

Bank Secrecy Act Compliance and Anti-Money Laundering/Countering the Financing of Terrorism

BSA/AML/CFT reviews are included in every NCUA exam scoping. As a result of the Anti-Money Laundering Act of 2020 (AML Act) and the Corporate Transparency Act (CTA), there will be several new requirements for credit unions to update their risk-based BSA/AML/CFT policies, procedures, and processes throughout 2022.

Capital Adequacy and Risk-Based Capital Rule Implementation

NCUA examiners will continue to evaluate credit unions’ responses to the pandemic and credit unions pandemic relief efforts’ efforts on their capital position and financial stability. In addition, NCUA notes that complex credit unions ($500m+ assets as of most recent 5300 report) are now subject to the final risk-based capital rule.

NCUA examiners will review the accuracy of complex credit unions’ reporting for the new data elements required in the risk-based capital schedule of the March 31, 2022, Call Report.

Loan Loss Reserving

For loan loss reserving, credit unions are required to implement the Financial Accounting Standards Board’s Accounting Standards Update No. 2016-13, Topic 326 (CECL) by January 1, 2023. Credit unions that have yet to adopt CECL will follow FASB Accounting Standards Codification (ASC) Subtopic 450-20 (loss contingencies) and/or ASC 310-10 (loan impairment). NCUA examiners will discuss a credit union’s plans for implementation of CECL (if applicable).

While FCUs with less than $10 million in assets are not required to follow generally accepted accounting principles (GAAP) nor adopt CECL, they must have a reasonable reserve methodology that adequately covers known and probable loan losses.

FISCUs with less than $10m in assets follow state law with respect to GAAP compliance and subsequently CECL implementation.

When evaluating a credit union’s ALLL, NCUA examiners will review:

  • The credit union’s ALLL policies and procedures;
  • The credit union’s documentation of its ALLL reserving methodology, including modeling assumptions and qualitative factor adjustments;
  • The credit union’s adherence to GAAP (if applicable); and
  • The independent review of credit union reserving methodology and documentation practices by its internal committee (Supervisory or Audit Committee or like committee) or external auditor.

For more information, see Interagency Statement on Loan Modifications and Reporting for Financial Institutions Working with Customers Affected by the Coronavirus (Revised). CECL resources include:

Consumer Financial Protection

For FCUs, NCUA will continue to examine for compliance with applicable consumer financial protection laws and regulations with a focus on:

  • COVID-19 pandemic
  • Fair lending
  • Servicemembers Civil Relief Act
  • Fair Credit Reporting Act
  • Overdraft programs

Loan Participations

NCUA examiners will verify that credit unions have evaluated the risk in loan participation transactions and evaluate how that risk fits within the tolerance levels established by the credit union’s board. NCUA reminds credit unions:

  • At a transactional level, each loan participation must have separate and distinct records for individual payments, including principal, interest, fees, escrows, and other information relating to individual loans.
  • While remittances to the credit union may come in a single payment, credit unions must reconcile this information to the servicer’s records and follow prudent third-party due diligence practices when purchasing loan participations.

Fraud

Noting that the offsite posture of many credit unions throughout the pandemic has increased the potential for fraud, NCUA examiners will review credit union efforts to deter and detect fraud, including internal controls, separation of duties, and transaction testing.

LIBOR Transition

NCUA will be focusing on credit unions with significant LIBOR exposure or inadequate fallback language. NCUA’s Letter to Credit Unions, 21-CU-03, LIBOR Transition and Supervisory Letter, 21-01, Evaluating LIBOR Transition Plans, provide the supervisory framework NCUA examiners will continue to use to evaluate a credit union’s risk management processes and planning related to the end of LIBOR. Credit unions can continue using NCUA’s LIBOR Assessment Workbook for assistance and refer to the July 2020 and the October 2021 releases for additional guidance.

Interest Rate Risk

NCUA will be focusing on IRR and implementing the CAMELS system in 2022 (24 states already use CAMELS). To review NCUA’s Examiner’s Guide chapter on IRR, see here. NCUA will begin using the “S” rating for examinations starting on or after April 1, 2022. The evaluation of the “S” component reflects the credit union’s exposure to changes in its earnings and capital position arising from changes in market prices and interest rates. In evaluating the “L” component to determine the adequacy of a credit union’s liquidity profile, NCUA examiners will consider the current and prospective sources of liquidity compared to funding needs.

Exam Program Updates:

NCUA also provided updates on several agency initiatives related to NCUA’s exam program:

NCUA Connect & MERIT

In 2021, the NCUA trained all NCUA and state regulator users on its new examination platform, the Modern Examination and Risk Identification Tool (MERIT) and associated systems. Additional information about these modernized tools can be found on the NCUA’s website.

Recording of Official Meetings

NCUA issued notice to FCUs that per its Examiner’s Guide, FCUs FCUs may record their exit meetings with NCUA examiner’s permission (which should generally be given).