The Consumer Financial Protection Bureau (CFPB) is seeking comments from the public related to fees that are not subject to competitive processes that ensure fair pricing. The submissions to this request for information (RFI) will assist the CFPB and policymakers in exercising their enforcement, supervision, regulatory and other authorities to create fairer, more transparent and competitive consumer financial markets.
Comments are due by March 31, 2022. You can access the RFI here.
Summary
The CFPB is concerned that “exploitative junk fees” charged by banks and non-bank financial institutions have become widespread, with the potential effect of shielding substantial portions of the true price of consumer financial products/services from competition. The Bureau is seeking information from the public about how such fees have impacted their lives. The Bureau is particularly interested in hearing from individuals (including older consumers, students, servicemembers, consumers of color and lower-income consumers), social services organizations, consumer rights and advocacy organizations, legal aid attorneys, academics/researchers, small businesses, financial institutions and state/local government officials.
The Bureau has posed specific questions below. However, the Bureau is interested in receiving any comments related to fees in consumer finance.
- If you are a consumer, please tell us about your experiences with fees associated with your bank, credit union, prepaid or credit card account, mortgage, loan or payment transfers including:
- Fees for things you believed were covered by the baseline price of a product/service
- Unexpected fees for a product or service
- Fees that seemed too high for the purported service
- Fees where it was unclear why they were charged
- What types of fees for financial products/services obscure the true costs of the product/service by not being built into the upfront price?
- What fees exceed the cost to the entity that the fee purports to cover? For example, is the amount charged for NSF fees necessary to cover the cost of processing a returned check and associated losses to the depository institution?
- What companies or markets are obtaining significant revenue from backend fees, or consumer costs that are not incorporated into the sticker price?
- What obstacles, if any, are there to building fees into up-front prices consumers shop for? How might this vary based on the type of fee?
- What data and evidence exist with respect to how consumers consider back-end fees, both inside and outside of financial services?
- What data and evidence exist that suggest that consumers do, or do not, understand fee structures disclosed in fine print or boilerplate contracts?
- What data and evidence exist that suggest consumers do or do not make decisions based on fees, even if well disclosed and understood?
- What oversight and/or policy tools should the CFPB use to address the escalation of excessive fees or fees that shift revenue away from the front-end price?
LTCU: (22-CU-01): Submission for 2021 Voluntary Credit Union Diversity Self-Assessment Extended to January 31, 2022
January 2022
NCUA’s LTCU was issued to extend the deadline for credit unions to submit the 2021 voluntary Credit Union Diversity Self-Assessment. Submissions for 2021 will now be accepted until January 31, 2022. After that date, the self-assessment portal will remain open, but submissions will become part of the 2022 data set.
This tool is designed to help credit unions evaluate and advance their diversity policies and practices. The voluntary self-assessment is not part of the examination process. Data collected via the assessment will not impact a credit union’s CAMELS rating or be used in the supervisory process.
The NCUA will use anonymized data from the self-assessment to report on progress and trends in credit union diversity-related activities. The agency will not publish any information identifying a particular credit union or individual without written approval.
LTCU: (21-CU-16) Relationships with Third Parties that Provide Services Related to Digital Assets
December 2021
NCUA’s LTCU was issued to provide clarity about the already existing authority of federally insured credit unions (FICUs) to establish relationships with third-party providers that offer digital asset services to the FICUs’ members, provided certain conditions are met. While the authority for federal credit unions (FCUs) to establish these relationships is described in the letter, the authority for federally insured, state-chartered credit unions (FISCUs) to establish these relationships will depend upon the laws and regulations of their states.
Authority
FCUs may continue to act as a finder to bring together their members and providers of third-party services, including services related to digital assets. Introducing members to third parties that may provide members with services related to digital assets is permissible as it: (1) is useful in carrying out an FCU’s business because it facilitates member services that allow an FCU to serve as their members’ primary financial institution; (2) is the logical outgrowth of an FCU’s business, including its role in serving as its members’ primary financial institution; and (3) involves risks similar in nature to those FCUs already assume in serving their members, including referring members to various third-party service providers of other non-deposit financial products and services.
Further Guidance and NCUA’s Examination of Federally Insured Credit Unions
FICUs must act in accordance with all applicable laws, including those designed to ensure safety and soundness; comply with consumer financial protection, investor protection, and anti-money laundering/terrorism finance laws; and protect cybersecurity. General guidelines include:
Due Diligence: FICUs should take care to select an appropriate third-party service provider before entering into an arrangement that allows for the provision of digital asset services to the FICUs’ members.
Credit Union Policies, Procedures and Agreements: The FICU’s written policies, procedures, and contracts should at least address the following:
- The features of the program
- A description of the responsibilities of the FICU and the third party
- Indemnification by the third party
- The roles of the FICU and the third party
- The location of non-deposit sales
- The use or disposition of FICU member information
- Termination of the contract
- Ongoing compliance with the requirements of all applicable law
Advertising and Conduct in Third-Party Arrangements: When selling, advertising, or otherwise marketing uninsured digital assets to members, members should be informed that the products offered:
- Are not federally insured
- Are not obligations of the FICU
- Are not guaranteed by the FICU
- Are or may be heavily speculative and volatile
- May have associated fees
- May not allow member recourse
- Are being offered by a third party
These disclosures should be made in writing and in a location and type size that are clear and conspicuous to the member. Oral disclosures should also be made as part of any oral presentation or customer support. In addition, to avoid confusion, third parties should not offer products with a product name that is intentionally similar to a FICU’s name.
Supervisory Considerations
The NCUA recognizes third-party relationships may be valuable to FICUs in facilitating member access to the new and emerging digital asset services currently evolving within the marketplace. However, FICUs are responsible for safeguarding member assets and ensuring sound operations irrespective of whether delivery of services is accomplished internally or through a third-party relationship. Accordingly, when assigning supervisory risk and CAMELS ratings as part of the supervisory process, examiners will evaluate the rigor with which FICUs execute compliance and risk oversight of third-party relationships established to deliver member access to digital asset services.
21-RA-10 2022 Truth in Lending (Regulation Z) Annual Threshold Adjustments (Credit Cards, HOEPA, and Qualified Mortgages)
December 2021
The CFPB has published its Truth in Lending (Regulation Z) Annual Threshold Adjustments (for credit cards, HOEPA, & QM). The threshold adjustments are based on the annual percentage change reflected in the Consumer Price Index (CPI) in effect June 1, 2021. The adjusted thresholds are effective January 1, 2022.
Credit card/Open-end Annual Adjustments
- Minimum Interest Charge Disclosure – For all open-end consumer credit plans under the TILA, the threshold to disclose minimum interest charges will remain unchanged at $1.00.
- Safe Harbor Penalty Fees – For open-end consumer credit plans under the CARD Act amendments to TILA (§ 1026.52(b)(1)(ii)(A)), the adjusted dollar amount for the safe harbor for a first violation penalty fee will increase to $30 for the year 2022. The adjusted dollar amount for the safe harbor for a subsequent violation penalty fee (§ 1026.52(b)(1)(ii)(B)) will increase to $41 for the year 2022.
HOEPA Adjustments
- HOEPA – For HOEPA loans, the adjusted total loan amount threshold for high-cost mortgages for the year 2022 will be $22,969, an increase from $22,052 in 2021. The adjusted points and fees dollar trigger for high-cost mortgages (§ 1026.32(a)(1)(ii)(B)) for the year 2022 will be $1,148, an increase from $1,103 in 2021.
Qualified Mortgages – To determine consumers’ ability to repay mortgage loans, the maximum thresholds for total points and fees for qualified mortgages in 2022 will be:
Qualified Mortgage Amounts
| Reg Z Provision | 2022 Amounts | 2021 Amounts |
|---|---|---|
| 3% of total loan amount for loan amount > $100,000 | Greater than or equal to $114,847 | Greater than or equal to $110,260 |
| $3,000 for a loan amount greater than or equal to $60,000 but less than $100,000 | $3,445 for loans greater than or equal to $68,908 but less than $114,847 | $3,308 for loans greater than or equal to $66,156 but less than $110,260 |
| 5% of total loan amount for loans greater than or equal to $20,000 but less than $60,000 | 5% for loans greater than or equal to $22,969 but less than $68,908 | 5% for loans greater than or equal to $22,052 but less than $66,156 |
| $1,000 for a loan amount greater than or equal to $12,500 but less than $20,000 | $1,148 for loans greater than or equal to $14,356 but less than $22,969 | $1,103 for loans greater than or equal to $13,783 but less than $22,052 |
| 8% of the total loan amount for loans less than $12,500 | 8% for loans less than $14,356 | 8% for loans less than $13,783 |
Summary
On October 21, 2021, the Consumer Financial Protection Bureau (CFPB) ordered six large technology companies operating payment systems in the US to provide information about certain of their business practices. The information will help the CFPB better understand how these firms use personal payments data and manage data access to users so the Bureau can ensure adequate consumer protection.
The Bureau invites any interested parties, including consumers, small businesses, advocates, financial institutions, investors and experts in privacy, technology, and national security to submit comments to inform the agency’s inquiry.
Comments must be received by December 6, 2021. The notice and comment request can be found here.
Congress has tasked the Bureau with ensuring that markets for consumer financial products and services are fair, transparent and competitive. It has authorized the Bureau to require participants in the marketplace to provide information that helps the Bureau monitor risks to consumers and to publish aggregated findings that are in the public interest. Little is known publicly about how Big Tech companies will exploit their payment platforms. As a result, the Bureau has published the October 21, 2021 statement from Director Chopra within this notice and is asking for comment on the statement as well as the questions posed within.
The full statement can be accessed via the link to the notice provided above and the questions posed are found below:
- Will big tech companies engage in invasive financial surveillance and combine the data they collect on consumers with their geolocation and browsing data?
- Will they in turn use this data to deepen behavioral advertising, engage in price discrimination, or sell to third parties?
- Will these companies operate their payment platforms in a manner that interferes with fair, transparent, and competitive markets?
- Will the payment platforms be truly neutral, or will they use their scale to extract rents from market participants?
- Will small businesses feel coerced into participating in the payment platforms out of fear of being suppressed or hidden in search or product listings? If these tech companies enter a market that competes with other providers on the platform, will these providers be removed or otherwise disadvantaged?
- What factors will these tech companies use when disqualifying or delisting an individual or business from participating on the platform?
- How will these payment platforms ensure that key consumer protections are adhered to?
- How effectively do they manage complaints, disputes and errors?
- Are they sufficiently staffed to ensure adequate steps are taken to address consumer protection and provide responsive customer service when things go wrong?
The Bureau’s inquiry will help to inform regulators and policymakers about the future of our payments system. It will also yield insights that may help the Bureau to implement other statutory responsibilities, including any potential rulemaking under Section 1033 of the Dodd Frank Act.
LTCU: (21-CU-13) Subordinated Debt Final Rule Effective January 1, 2022
November 2021
NCUA’s LTCU was issued to remind FICUs that the final subordinated debt rule (NASCUS summary here) becomes effective on January 1, 2022. The final rule amends various parts of the NCUA’s regulations to permit low-income designated credit unions, complex credit unions, and new credit unions to issue subordinated debt for purposes of regulatory capital treatment.
For low-income designated credit unions (LICUs) any secondary capital issuances occurring after January 1, 2022, will be subject to the requirements of the final rule including re-approval pursuant to the subordinated debt rule.
NCUA is considering a rule change that would allow LICUs to issue secondary capital under a plan approved in 2021, irrespective of the date of issuance, provided such issuances are to the United States government or one of its subdivisions. NCUA will likely finalize this rule change before December 31, 2021.
NCUA recommends LICUs planning on submitting a secondary capital plan to take advantage of the current rules do so as soon as possible given the 45-day review period. LICUs may also wish to consider submitting plans pursuant to the subordinated debt rules taking effect on January 1, 2022 to avoid having to resubmit a plan if their submission is not approved prior to that date.
LTCU 21-CU-12 Internal Revenue Service’s Volunteer Income Tax Assistance Program Collaboration Opportunities
November 2021
Credit unions have until November 15, 2021, to contact the Internal Revenue Service (IRS) to inquire about participating in the IRS’ Volunteer Income Tax Assistance (VITA) program ([email protected]).
The VITA program provides education for consumers on refundable credits, such as the Earned Income Tax Credit (EITC) and the Child Tax Credit (CTC). Credit unions may participate in the VITA program by:
- Promoting the VITA program and eligibility requirements through social media, member statements, and/or hosting links to the VITA Locator Tool, and/or the IRS Free File;
- Providing space and equipment at credit union facilities for members to prepare their own tax returns; and
- Hosting IRS-certified volunteers onsite at the credit union to assist members.
NCUA notes that for credit unions, the benefits of participating in the VITA program include:
- Potential to attract new members,
- Asset and wealth building opportunities for members,
- Greater financial education and financial stability among members,
- Opportunities to partner with other community-based organizations,
- Increased membership benefit offerings/potential increased membership loyalty,
- Continuing professional education credits for qualified VITA-trained volunteers,
- Free income tax preparation software or online access for credit unions and their members.
Credit unions interested in participating in the VITA program can learn more about the program at IRS Partner and Resource Center and Volunteer Site Coordinator Handbook. Interested credit unions should review their operations and strategic plans to determine if the program is a good fit for that credit union. Grants and other funding resources are available from NCUA and IRS.
Final Rule Summary: FCU CUSOs (Parts 712)
October 2021
Prepared by NASCUS Legislative & Regulatory Affairs Department
NCUA has issued a final rule related to federal credit union (FCU) credit union service organizations (CUSOs). NCUA’s final rule expands the list of permissible activities and services for CUSOs to include the origination of any type of loan that a FCU may originate and grants NCUA additional flexibility to approve permissible activities and services.
NCUA had also solicited comments in the proposed rule about whether to allow FCUs to invest in certain non-CUSO entities. NASCUS supported so doing, and NCUA noted NASCUS’s recommendation to allow FCUs to invest in certain federally insured state credit union (FISCU) CUSOs without those CUSOs then being subject to NCUA’s CUSO rule’s permissible activities provisions (those provisions do not currently apply to FISCU CUSOs). While not included in this final rule, NCUA did note it would consider that change at a later date.
The CUSO final rule may be read here. The rule becomes effective November 26, 2021.
The NCUA Board vote to approve the rule was a 2-1 vote. Competing views of the proposal are reflected in the enclosed statements by NCUA Chairman Harper (opposed) and NCUA Board member Hood (in favor).
Summary
- FCU CUSOs may now originate any type of loan that an FCU may originate.
NCUA will now permit FCU CUSOs to originate any type of loan that an FCU may originate. Prior to this rule change, FCU CUSOs were only permitted to make business, consumer mortgage, student, and credit card loans. NCUA limited FCU CUSO lending for the following reasons:
- FCU CUSOs may serve customers who are not members of a credit union and NCUA was concerned FCUs would then be profiting from non-members.
- NCUA believed if the FCU CUSO was making member loans, NCUA would have a duty to examine those loans.
- NCUA believed permitting FCU CUSOs to engage in a core credit union function could negatively affect affiliated credit union services.
NCUA cites the following mitigating factors for lifting the previous limitations:
- Although NCUA lacks 3rd party authority, FCUs may only lend or invest 1% of their paid-in and unimpaired capital and surplus, into their CUSOs (aggregate).
- Part 712.3(d) requires all FICUs that own CUSOs to stipulate by contract that NCUA has access to the CUSOs books and records.
- NCUA has broad investigative subpoena authority that agency staff can use to obtain records and testimony in certain extraordinary circumstances if needed.
- That most FCU CUSO loans are sold to FICUs which in turn are subject to examination and enforcement.
- The fact that 72% of natural person credit union CUSOs are wholly owned giving NCUA leverage over the FICU owner.
In addition to permitting a FCU CUSO to originate any type of loan a FCU may make, FCU CUSOs are now permitted to purchase, sell, and hold any type of loan permissible for FCUs to purchase, sell, and hold. Under the final rule, FCU CUSO originated loans are not subject to the same restrictions as loans originated by FCUs. However, an FCU may not purchase a loan from a CUSO unless the loan meets the requirements of the NCUA’s eligible obligations rule. Similarly, an FCU may not purchase a loan participation from a CUSO unless it complies with the NCUA’s loan participations rule.
With respect to loan participations, the final rule permits FCU CUSOs to purchase and sell only participation interests that are permissible for FCUs to purchase and sell.
- All FCU CUSO loan originations are now considered complex or high risk and subject to the enhanced reporting requirements pursuant to the CUSO registry.
Under the current CUSO rule, a CUSO must submit an annual report to NCUA for inclusion in the CUSO registry. CUSOs that are engaged in complex or high-risk activities have enhanced reporting obligations for the registry. Pursuant to § 712.3(d)(4) complex or high-risk CUSOs must agree to include in their report:
- A list of services provided to certain credit unions;
- the investment amount, loan amount, or level of activity of certain credit unions;
- the CUSO’s most recent year-end audited financial statements;
- the total dollar amount of loans outstanding;
- the total number of loans outstanding;
- the total dollar amount of loans granted year-to-date; and
- the total number of loans granted year-to-date.
NCUA will now classify all lending by CUSOs as complex/high risk subject to the above reporting.
- New authorities for FCU CUSOs will be authorized by publication on NCUA website
Permissible activities for a FCU CUSO are listed in § 712.5 and have before now required notice and comment rulemaking before being changed. In contrast, NCUA’s corporate credit union CUSO rules in § 704 allowed NCUA to add permissible activities for corporate credit unions by simply publishing the new authorities on the NCUA website.
Under the final rule, NCUA will now amend permissible activities for FCU CUSOs by publishing the new authorities on the NCUA website. NCUA is reserving the right to use notice and comment for “novel” authorities in the future. NCUA will also use notice and comment before removing authorities.
Final Rule Summary: CAMELS Rating System (Parts 701, 703, 704, 713)
October 2021
Prepared by NASCUS Legislative & Regulatory Affairs Department
NCUA is updating its supervisory rating system from CAMEL to CAMELS by adding the “S” (Sensitivity to Market Risk) component to the existing CAMEL rating system and redefining the “L” (Liquidity Risk) component. The other federal bank regulators have been using the CAMELS rating system since 1997 and over half of state credit union regulators already use CAMELS rather than the NCUA CAMEL system to more precisely measure interest rate risk (IRR).
NCUA will implement the addition of the “S” rating component and a redefined “L” rating for examinations and contacts started on or after April 1, 2022.
The CAMELS final rule may be read here. The rule becomes effective April 1, 2022.
Summary
NCUA adopted the CAMEL rating system in 1987 to reflect the significant financial, operational, and management factors that examiners assess in their evaluation of a credit union’s performance and risk profile. NCUA is now updating the agency’s supervisory rating system from CAMEL to CAMELS by adding the “S” component to the existing CAMEL rating system to evaluate sensitivity to market risk and adding new rating criteria and evaluation factor examples.
“S” Rating Description
| S Rating | Description |
|---|---|
| 1 | • Risk management practices & controls for market risk are strong for the size & sophistication of the credit union, and the level of market risk it has accepted. • There is minimal potential for market price or interest rate changes to create a material adverse effect on the credit union’s earnings performance or capital position. • The credit union has more than sufficient earnings and capital to support the level of market risk taken by the credit union. |
| 2 | • Risk management practices & controls for market risk are satisfactory for the size & sophistication of the credit union, & the level of market risk it has accepted. • There is only moderate potential for market price or interest rate changes to create a material adverse effect on the credit union’s earnings performance or capital position. • The credit union has sufficient earnings and capital to support the level of market risk taken by the credit union. |
| 3 | • Risk management practices and controls for market risk are not fully commensurate with the size and sophistication of the credit union, or the level of market risk it has accepted. • There is high potential for market price or interest rate changes to create a material adverse effect on the credit union’s earnings performance or capital position. • The level of market risk taken is high in relation to the credit union’s earnings or capital. |
| 4 | • Risk management practices and controls for market risk are significantly deficient given the size and sophistication of the credit union, or the level of market risk it has accepted. • There is high potential for market price or interest rate changes to threaten the viability of the credit union. • The level of market risk taken is excessive in relation to the credit union’s earnings or capital. |
| 5 | • The level of market risk taken or exposure to market price or interest rate changes is an imminent threat to the credit union’s viability. |
Modifying the “L” Component
Now that NCUA will adopt the CAMELS rating system, the agency will redefine the “L” component to focus exclusively on liquidity.
| L Rating | Description |
|---|---|
| 1 | • The credit union has strong liquidity levels. • The credit union has well-developed funds management policies and practices. • The credit union has reliable access to sufficient sources of funds on favorable terms to meet present and anticipated liquidity needs. |
| 2 | • The credit union has satisfactory liquidity levels. • The credit union has adequate funds management policies and practices. • The credit union has access to sufficient sources of funds on acceptable terms to meet present and anticipated liquidity needs. |
| 3 | • The credit union has low liquidity levels. • The credit union’s funds management policies and practices are not fully commensurate with its size and complexity, or the liquidity risks it has taken. • The credit union may lack ready access to funds on reasonable terms. |
| 4 | • The credit union has inadequate liquidity levels. • The credit union’s funds management policies and practices are inadequate given its size and complexity, or the liquidity risks it has taken. • The credit union is likely not able to obtain sufficient funds on reasonable terms to meet liquidity needs. |
| 5 | • Liquidity levels are so deficient there is an imminent threat to the credit union’s viability. • The credit union requires extraordinary external financial assistance to meet maturing obligations or other liquidity needs. |
Technical Amendments
Several provisions of NCUA’s rules specifically reference CAMEL (no “S”) and will be updated to reflect the new CAMELS and the refined narratives. The following provisions will be amended by replacing “CAMEL” with “CAMELS.”
| NCUA Part | Provision |
|---|---|
| Part 700 Definitions | § 700.2 |
| Part 701 Organization & Operation of FCUs | § 701.14(b) (3) (i) and (ii) § 701.14(b) (4)(i) and (ii) § 701.23(b)(2) |
| Part 703 Investment & Deposit Activity | § 703.13(d)(3)(iii) § 703.14(i) § 703.14(j)(4) |
| Part 704 Corporate Credit Unions | § 704.4(d)(3)(ii) |
| Part 713 Fidelity Bond & Insurance Coverage | § 713.6(a)(1) § 713.6(c) |
NCUA Risk Alert: 21-RISK-01 Business Email Compromise through Exploitation of Cloud-Based Email Services
October 2021
NCUA issued Risk Alert 21-Risk-01 to warn credit unions about a common Business Email Compromise (BEC) scam and to provide tips on mitigation measures to counter BEC fraud and wire transfer fraud.
Business Email Compromise
In one of the most effective types of BEC scams, cybercriminals use phishing kits that impersonate popular cloud-based email services to compromise victim email accounts in search of information on financial transactions. Cybercriminals will often reconfigure victims’ mailboxes to delete key messages or forward key messages. Using information gathered from compromised accounts, cybercriminals impersonate email between compromised businesses and third parties to request that pending or future payments be redirected to fraudulent bank accounts.
Cybercriminals will also use compromised email accounts to identify new targets for phishing, so a successful email account compromise at one business can affect multiple victims associated with the account.
Prevent Business Email Compromise Fraud
NCUA provides credit unions the following tips to help prevent BEC fraud:
- Enable multi-factor authentication for all email accounts.
- Disable basic or legacy account authentication that does not support multi-factor authentication.
- Use caution when posting information on social media/company websites, especially job duties & descriptions, org charts & out-of-office details.
- Educate employees about BEC scams, including preventative strategies like how to identify phishing emails & how to respond to compromises.
- Verify all payment changes and transactions in person or via a known telephone number.
- Prohibit automatic forwarding of business email to external addresses.
- Add an email banner to messages coming from outside your organization.
- Enable alerts for suspicious activity, such as foreign logins.
- Prohibit email protocols, such as POP, IMAP, and SMTP that can be used to circumvent multi-factor authentication.
- Implement email authentication technologies such as Domain-based Message Authentication Reporting and Conformance (DMARC) policies to prevent spoofing and validate incoming email.
- Enable security features that block malicious email, such as anti-phishing & anti-spoofing policies.
- Ensure changes to mailbox login and settings are logged and retained for at least 90 days.
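The mailbox reconfiguration described above (rules that forward or delete key messages) is something a credit union can audit for directly. The following is an added example, not code from NCUA or NASCUS: the record layout, the domain names and the keyword list are assumptions, and the sample rules are constructed.

```python
"""Audit exported mailbox rules for the two BEC behaviours in the alert:
forwarding mail outside the organisation and deleting payment-related mail.
The MailboxRule layout is hypothetical; map your mail platform's export to it."""
from dataclasses import dataclass, field

# Assumption: the domains the credit union owns (reserved example names).
INTERNAL_DOMAINS = {"creditunion.example"}
# Assumption: subject keywords tied to payments. Matching is by substring.
PAYMENT_TERMS = ("invoice", "wire", "payment", "remittance")


@dataclass
class MailboxRule:
    mailbox: str
    name: str
    forward_to: list = field(default_factory=list)
    delete: bool = False
    subject_contains: list = field(default_factory=list)


def domain_of(address):
    """Return the lower-cased domain part of an address."""
    return address.rsplit("@", 1)[-1].strip().lower().rstrip(".")


def is_external(address):
    """True unless the domain is an internal domain or a subdomain of one.

    The comparison is anchored on a dot so that look-alikes such as
    'creditunion.example.outside.test' or 'notcreditunion.example'
    are still treated as external.
    """
    domain = domain_of(address)
    return not any(
        domain == own or domain.endswith("." + own) for own in INTERNAL_DOMAINS
    )


def audit_rule(rule):
    """Return a list of finding strings for one rule (empty if clean)."""
    findings = []
    external = sorted(a for a in rule.forward_to if is_external(a))
    if external:
        findings.append("external-forward: " + ", ".join(external))
    if rule.delete:
        subjects = [s.lower() for s in rule.subject_contains]
        hits = [t for t in PAYMENT_TERMS if any(t in s for s in subjects)]
        if hits:
            findings.append("deletes-payment-mail: " + ", ".join(hits))
        elif not subjects:
            # A delete rule with no condition hides every incoming message.
            findings.append("deletes-all-mail")
    return findings


def audit_rules(rules):
    """Return (mailbox, rule name, finding) tuples for every flagged rule."""
    return [(r.mailbox, r.name, f) for r in rules for f in audit_rule(r)]


# Constructed sample data, not taken from any real incident.
SAMPLE_RULES = [
    MailboxRule("ap@creditunion.example", ".",
                forward_to=["collector@outside.test"],
                subject_contains=["invoice", "wire"]),
    MailboxRule("cfo@creditunion.example", "cleanup", delete=True,
                subject_contains=["Payment confirmation"]),
    MailboxRule("teller@creditunion.example", "to wire desk",
                forward_to=["wires@ops.creditunion.example"]),
    MailboxRule("hr@creditunion.example", "backup",
                forward_to=["backup@creditunion.example.outside.test"]),
    MailboxRule("ceo@creditunion.example", "newsletters", delete=True,
                subject_contains=["weekly digest"]),
]

if __name__ == "__main__":
    for mailbox, name, finding in audit_rules(SAMPLE_RULES):
        print(f"{mailbox} rule {name!r}: {finding}")
```

Running such an audit on a schedule, and on every logged mailbox-settings change, covers both the forwarding prohibition and the logging tip in the list above.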
Prevent Wire Transfer Fraud
Cybersecurity threats resulting in wire transfer fraud are increasing and NCUA notes it is essential to ensure that proper wire controls are in place.
| Operational Controls | Transactional Controls | Physical & Logical Controls |
|---|---|---|
| • Dual controls and separation of duties | • Call-back parameters | • Multi-factor authentication |
| • Documented and board-approved policies and procedures | • System enforced monetary thresholds | • Patch management, virus protection, and firewall protection |
| • Timely balancing and reconciliation of related accounts | • System enforced end user monetary limits | • System access controls |
| • Incident response and business continuity planning and testing | • System enforced time-of-day restrictions | • Network security policies |
| • Automated velocity monitoring | • Member and staff information security training | |
| • Exception handling procedures | | |
| • Enhanced due diligence and monitoring of high-risk members and activity | | |
Report and Recover Funds from Business Email Compromise Fraud
Credit unions that identify BEC or a wire transfer fraud should:
- File a complaint with the FBI
- Contact their wiring originating financial institution as soon as possible to request a recall or reversal and initiate a Hold Harmless Letter or Letter of Indemnity with the receiving financial institution
- Follow FinCEN guidance for filing Suspicious Activity Reports on BEC incidents
Additional information on BEC is available at the FBI’s Internet Crime Complaint Center Business Email Compromise webpage. Additional information on authentication is available from FFIEC: Authentication and Access to Financial Institution Services and Systems.
LTCU 21-CU-10 Interagency Statement on LIBOR Transition
October 2021
NCUA issued LTCU 21-CU-10 to follow-up on Letter to Credit Unions 21-CU-03, LIBOR Transition (NASCUS summary here) and make credit unions aware of a Joint Statement issued by state and federal bank and credit union regulators outlining supervisory expectations related to bank and credit union transition away from LIBOR. NCUA reiterates its expectations that all FICUs transition away from using U.S. dollar LIBOR as a reference rate as soon as possible, but no later than December 31, 2021, and to ensure existing contracts have robust fallback language that includes a clearly defined alternative reference rate.
The Joint Statement by the state & federal regulators reminds institutions that failure to adequately prepare for the end of LIBOR could create safety and soundness issues and increase litigation, operational, and consumer protection risks. Other supervisory considerations detailed in the Joint Statement include:
- Clarification on the meaning of new LIBOR contracts – Financial institutions should be careful about entering into new contracts before December 31, 2021, that create additional LIBOR exposure for a supervised institution or extend the term of an existing LIBOR contract. New contracts should either use a reference rate other than LIBOR or have fallback language that provides for use of a strong and clearly defined alternative reference rate after LIBOR’s discontinuation.
- Considerations when assessing the appropriateness of alternative reference rates – Institutions must conduct the due diligence necessary to ensure that alternative rate selections are appropriate for their products, risk profile, risk management capabilities, customer and funding needs, and operational capabilities.
- Expectations for fallback language – Institutions should identify all existing contracts that reference LIBOR and lack adequate fallback language. As noted above, all future contracts should consider fallback language in the event the initial benchmark is discontinued.
- Additional considerations – Institutions are encouraged to take the following actions as they prepare for the LIBOR transition:
- develop and implement a transition plan for communicating with consumers, clients, and counterparties
- ensure systems and operational capabilities will be ready for transition to a replacement reference rate after LIBOR’s discontinuation