Supervisory Priorities for 2020

Letters to Credit Unions 20-CU-01 NCUA Supervisory Priorities for 2020

January 2020

 NCUA has published a Letter to Credit Unions (LTCU) identifying the agency’s supervisory priorities for 2020. The LTCU also updates stakeholders on NCUA’s efforts to modernize its examination and supervision program.

NCUA identified seven supervisory priorities for 2020. Six of the priorities are carried over from the 2019. The seven 2020 supervisory priorities are:

• BSA/AML
• Consumer Financial Protection
• Credit Risk
• Current Expected Credit Losses
• Information Systems and Cyber Security
• Liquidity
• The End of LIBOR (new for 2020)

NCUA will continue to operate under the extended exam cycle. For FISCUs, this means an NCUA exam cycle of 8-12 months for FISCUs with:

• Assets greater than $1 billion;
• Composite NCUA CAMEL code 4 or 5 with assets greater than $50 million; or
• Composite NCUA CAMEL code 3 with assets greater than $250 million.

All other FISCUs will be on a risk-based exam cycle (and at least once every 5 years). See LTCU 16-CU-12 for more information on NCUA’s risk-based exam program. Credit unions < $50 million will continue to be examined under the Small Credit Union Exam Program procedures.

NCUA’s 2020 Supervisory Priorities

Bank Secrecy Act Compliance/Anti-Money Laundering

NCUA requires its examiners review BSA/AML on every exam. NCUA, and states, have MOUs in place with FinCEN and BSA/AML continues to be a priority for policy makers in Washington, DC. Credit unions should be aware of the following joint statements issued by federal regulators in 2018 and 2019 on BSA related issues:

• October 2018 statement on sharing BSA resources
• December 2018 statement on using innovation to enhance BSA compliance
• July 2019 statement on risk focused BSA supervision 

Furthermore, in 2020, NCUA is emphasizing customer due diligence and beneficial ownership compliance requirements as well as the timely and accurate filing of SARs and CTRs. Additional developments for 2020:

• Coming updates to the FFIEC BSA Exam Manual  
• Pending updates to enforcement guidelines and guidance on PEPs

NCUA has resources available: Bank Secrecy Act Resources. To enhance understanding of BSA/AML/OFAC examination and compliance obligations, NASCUS’ 2020 BSA Conference will be held November 9-12, 2020, in Ft. Lauderdale, Florida. NASCUS’ BSA Conference, presented jointly with CUNA, is the largest credit union specific BSA conference in the country.

Consumer Financial Protection

NCUA conducts risk-focused reviews of applicable consumer financial protection regulations during every NCUA examination. In addition, each year NCUA rotates consumer protection regulations to emphasize in examinations. In 2020, in addition to any risk-focused regulations identified for review, NCUA examiners will also focus on:

• Electronic Fund Transfer Act (Regulation E).NCUA examiners will evaluate Electronic Fund Transfer (EFT) policies & procedures, review initial account disclosures, & review Reg. E’s error resolution procedures.
• Fair Credit Reporting Act (FCRA).NCUA examiners will review credit reporting policies and procedures and the accuracy of reporting to credit bureaus.
• Gramm-Leach-Bliley (GLBA).NCUA examiners will continue to assess compliance with GLBA and credit union protection of member non-public personal information.
• Small dollar lending (including PAL Lending).NCUA examiners will test for compliance with NCUA PALs rules and interest rate cap and evaluate any non-PALs lending programs.
• Truth in Lending Act (Regulation Z).NCUA examiners will evaluate credit union practices related to:
• annual percentage rates and late charges and related siclosures
• how loan payments are applied to principal
• interest, fees and other charges, and late fees
• whether the application is consistent with the agreement and disclosures
• Military Lending Act (MLA) & Servicemembers Civil Relief Act (SCRA).NCUA will review credit union compliance with the MLA and SCRA.

Resources are available at NCUA’s Consumer Compliance resources webpage.

Credit Risk

In 2020, NCUA examiners will place emphasis on the review of the credit union’s loan underwriting standards and procedures. In particular, examiners will verify if credit unions properly analyzed borrowers’ ability to meet debt service requirements without undue reliance on the value of any collateral. NCUA will also be implementing enhanced examination procedures for credit unions with very high concentrations in specific loan types. For more information, see NCUA LTCU 10-CU-03, Concentration Risk.

Current Expected Credit Losses

FASB has delayed CELC until January 2023 for credit unions. However, NCUA examiners will continue to discuss CECL implementation plans with credit unions.

For more information, see the April 2019 Interagency FAQs.

 Information Systems and Assurance (Cybersecurity)

An updated version of ACET will deployed in 2020. In early 2020, Credit unions will be able to access the system thru N NCUA’s website to complete self- assessments. From 2018 to the present, NCUA has conducted cybersecurity maturity assessments for credit unions with assets of $250 million or greater. In 2020, the NCUA will continue completing these assessments for credit unions with assets over $250 million and begin completing assessments for credit unions with assets over $100 million. The initial maturity assessment cycle will be completed in 2021. Starting in 2022, the agency will refresh the maturity assessments following the same cycle. NCUA will also be piloting new procedures in 2020 to evaluate critical security controls during examinations between maturity assessments.

For more information, visit the NCUA’s Cybersecurity Resources website.

LIBOR Cessation Planning

As NASCUS has be discussing with its members, the LIBOR index is ending in 2021. This has the potential to disrupt credit union involved LIBOR -based products and contracts such as loans, investments, derivatives, deposits, and borrowings. Credit unions should be proactively transitioning away from instruments using LIBOR as a reference rate. NCUA examiners will assess credit unions’ exposure and planning related to the discontinuance of LIBOR.

Liquidity Risk

Credit unions continue to exhibit lower levels of on-balance-sheet liquidity due, in part, to strong loan growth trends and increased competition for traditional, low-cost deposits. In 2020, NCUA examiners will review liquidity management & planning by evaluating:

• effects of changing interest rates on the market value of assets & borrowing capacity;
• Scenario analysis for liquidity risk modeling, including possible member share migrations and scenario analysis for changes in cash flow projections
• The appropriateness of contingency funding plans

 NCUA Exam Modernization

•  NCUA Connect – In 2019, the NCUA began piloting a new secure user portal, NCUA Connect. In 2020 NCUA Connect will be made available to all credit unions and state regulators.
• MERIT – The Modern Examination and Risk Identification Tool (MERIT). MERIT will be released to all examination staff in the second half of 2020. Credit unions will be able to use MERIT to send files or updates to examiners and access examination reports.

For more information, see  NCUA Connect & MERIT. In addition, NCUA has several other initiatives underway such as CUOnline (the Profile and Call Report). See  Examination Modernization Initiatives.

 Statutory and Regulatory Updates

There have been recent changes to laws and regulations applicable to credit unions.

• Commercial Real Estate Appraisal Rule – Effective October 22, 2019, new final rule § 722 increased the appraisal threshold for commercial real estate transactions from $250,000 to $1 million. Now for commercial loans under $1 million credit unions may choose to conduct a written estimate of market value or obtain an appraisal by a state-licensed appraiser. The final rule increases the standards for thequalifications and independence of individuals conducting written estimates of market value.
• Private Flood Insurance Rule – Under new private flood insurance rules credit unions must accept certain flood insurance policies from private providers. For other policies from private providers, credit unions have the option to accept the insurance if the policy meets certain criteria. For more information, see the NCUA Regulatory Alert, 19-RA-01, Flood Insurance Alternatives.
• Public Unit and Nonmember Shares Rule – The NCUA approved a final rule amending Section 701.32 regarding public unit and nonmember shares. Effective January 29, 2020, federally insured credit unions generally can accept public unit and nonmember shares in an amount up to 50% of paid-in and unimpaired capital and surplus, less any public unit or nonmember shares, or $3 million, whichever is greater. If public unit and nonmember shares, combined with borrowings exceeds 70% then a written plan must be kept.
•  Serving Hemp Businesses – Credit unions may provide the customary range of financial services for business accounts, including loans, to lawfully operating hemp-related businesses within their FOM. The NCUA encourages credit unions to thoughtfully consider whether they are able to safely and properly serve hemp-related businesses. In 2020, NCUA examiners will be collecting data through the examination process concerning the types of services credit unions are providing to hemp-related businesses. See NCUA Regulatory Alert, 19-RA-02, Serving Hemp Businesses, and the USDA’s website.
• Supervisory Committee Audits Rule – NCUA has amended § 715 to provide additional flexibility to FICUs regarding financial statement audits. These amendments go into effect January 6, 2020.The NCUA has issued a new guide to assist supervisory committees in conducting other supervisory committee audits.

Letters to Credit Unions No.: 19-CU-01 Supervisory Priorities 2019

January 2019

NCUA has published the first Letter to Credit Unions of 2019 to provide stakeholders an overview of the agency’s supervisory priorities for the year. As discussed in more detail below, NCUA’s supervisory priorities for 2019 include:

• BSA/AML Compliance
• Credit Concentration
• Consumer Compliance
• CECL
• Information Systems
• Liquidity & Interest Rate Risk

NCUA also notes that the extended examination cycle introduced in 2017 will be fully implemented in 2019. (See LTCU 16-CU-12 and NASCUS summary). In addition, NCUA examiners will continue to use the small credit union exam program procedures for most credit unions with assets under $50 million and a risk focused examination for all others. NCUA examiners will have increased flexibility to conduct suitable examination work offsite. (see NCUA’s Flexible Examination Program (FLEX) pilot).

NASCUS notes that most FISCU examinations will continue to be conducted primarily by state examiners.

Bank Secrecy Act Compliance

NCUA will enhance its scrutiny of BSA/AML compliance, especially the beneficial owner compliance. (see LTCU 18-CU-02). NCUA also has information on its Bank Secrecy Act website.

Concentrations of Credit

NCUA will focus on large concentrations of loan products and concentrations of specific risk characteristics. If excessive levels of credit concentration risk are identified, examiners will work with credit union management to identify strategies to mitigate the risk. (See LTCU 10-CU-03 Concentration Risk).

Consumer Compliance

NCUA examiners will continue to perform limited reviews of HMDA quarterly Loan/Application Registers, or full-year Loan/Application Registers, taking into account the partial exemptions that took effect on May 24, 2018. (See Consumer Financial Protection Update 18-01). NCUA will also continue to focus on Military Lending Act compliance. (See NCUA Regulatory Alerts 16-RA-04, Guidance on Regulatory Changes Affecting Military Lenders and 16-RA-06, Department of Defense’s Interpretive Guidance on Military Lending Act Limitations on Terms of Consumer Credit Extended to Service Members and Dependents)

NCUA examiners will review credit unions’ compliance with Regulation B’s notification requirements following adverse action taken on consumer credit applications and overdraft policies and procedures for compliance with Regulation E. (See NCUA’s Consumer Compliance Regulatory Resources website).

 Current Expected Credit Losses (CECL)

NCUA examiners will inquire about credit union efforts to prepare for FASB’s January 1, 2022 effective date for CECL and how the changes alter ALLL funding needs. (See LTCU 17-CU-05, and LTCU 16-CU-13 on CECL).

Information Systems and Assurance

NCUA will continue to assess credit union cybersecurity maturity using the Automated Cybersecurity Examination Toolbox (ACET) for credit union with over $250 million in assets that have not previously received an assessment. NCUA will also be focusing on

credit union IT risk management and credit union oversight of third-party service provider arrangements. (See NCUA’s Cybersecurity Resources website).

 

Liquidity and Interest Rate Risks

In assessing credit union liquidity and interest rate risk management, NCUA will consider:

 

• The potential effects of rising interest rates on the market value of assets that affect changes to net worth and borrowing capacity
• Member preference shifts to shares with more market sensitivity
• Management’s ability to meet liquidity needs given the increased competitive pressures that affect share balances

 

​-End-

 

Letters to Credit Unions 19-CU-04 Use of Alternative Data in Credit Underwriting

December 2019

NCUA, FRB, CFPB, FDIC, and the OCC have issued a joint statement on the use of alternative data by financial institutions in determining a borrowers’ creditworthiness. The joint statement focuses on the benefits and risks to financial institutions of using such data and the expectation that financial institutions develop a compliance program for managing the risks of alternative data.

Alternative data “means information not typically found in the consumer’s credit files of the nationwide consumer reporting agencies or customarily provided by consumers as part of applications for credit.”

The joint statement states that alternative data is being used (or considered) for credit underwriting, as well as in fraud detection, marketing, pricing, servicing, and account management. The use of alternative data:

• may improve the speed, cost and accuracy of credit decisions
• may help evaluating potential borrowers who may not obtain credit in the mainstream credit system
• may enable consumers to obtain additional products or more favorable pricing/terms based on enhanced assessments of repayment capacity

Banks and credit unions using alternative data must ensure that usage is consistent with safe and sound operations. Appropriate controls should include a rigorous assessment of the quality and suitability of the data. The appropriateness of the data models should also be evaluated. The federal agencies acknowledge that in some cases the use of alternative data may present no greater risk than the use of traditional data. For example, automating the use of cash flow data to better evaluate borrowers’ ability to repay loans is at it’s a core a longstanding underwriting principle.

The guidance provides several additional resources for managing risks associated with models, including those that may leverage alternative data:

• SR 11-7: Federal Reserve Guidance on Model Risk Management (April 2011)
• OCC Bulletin 2011-12: Sound Practices for Model Risk Management: Supervisory Guidance on Model Risk Management (April 2011)
• FDIC: Supervisory Guidance on Model Risk Management (FIL-22-2017)

Use of such data may implicate several consumer protection statues and regulations including fair lending laws, prohibitions against unfair, deceptive, or abusive acts or practices, and the Fair Credit Reporting Act. A well-designed compliance management program can help provide the financial institution a thorough analysis of relevant consumer protection laws and regulations to ensure firms understand the opportunities, risks and compliance requirements before using alternative data.

Some alternative data, such as cash flow data, may present lower risks than other data. However, some alternative data may warrant more robust compliance management including appropriate testing, monitoring and controls.

-End-

Summary: Final Rule re: Home Mortgage Disclosures Act’s (HMDA) Temporary Exceptions for Smaller Institutions

12 CFR Part 1003

Consumer Financial Protection Bureau

Prepared by the NASCUS Legislative & Regulatory Division

December 2019

The Consumer Financial Protection Bureau (CFPB) is amending Regulation C to extend the temporary data reporting threshold for open end lines of credit to January 1, 2022.  The Bureau is also incorporating into Regulation C the interpretations and procedures from the interpretive and procedural rule that the Bureau issued on August 31, 2019 and further implementing the Economic Growth, Regulatory Relief and Consumer Protection Act (EGRRCPA).

Most provisions of the final rule become effective on January 1, 2020.  However, amendments to Section 1003 become effective on January 1, 2022.  The final rule can be found here.

Summary

Regulation C, which implements HMDA, includes institutional and transactional coverage thresholds that determine whether financial institutions are required to collect, record and report any HMDA data on closed-end mortgage loans and open-end lines of credit.  Under EGRRCPA, Congress added partial exemptions from HMDA’s requirements that exempt certain insured depository institutions and insured credit unions from reporting some but not all HMDA data for certain transactions.  The final rule incorporates into Regulation C and implements further the EGRRCPA partial exemptions, as well as extending (for two years) a temporary adjustment to Regulation C’s institutional and transactional coverage threshold for open-end lines of credit.

Extension of the Temporary Adjustment to Open-End Coverage Threshold

Under its 2015 HMDA rule, the Bureau established institutional and transactional coverage thresholds in Regulation C that determined whether a financial institution would need to report any data under HMDA.  The 2015 rule set the closed-end reporting threshold to at least 25 loans in each of the two preceding yeas and the open-end threshold to at least 100 open-end lines of credit in each of the two preceding years.  However, before the thresholds under the 2015 rule became effective, the Bureau temporarily increased the open-end reporting threshold to at least 500 open-end lines of credit for two years (calendar years 2018 and 2019).  The Bureau believes that in the interim, extending the current temporary increase in the open-end coverage threshold for an additional two years will allow the Bureau to consider fully the appropriate level for the permanent open-end coverage threshold for data collected beginning January 1, 2022.

The final rule extends to January 1, 2022, the current temporary threshold of at least 500 open-end lines of credit for open-end institutional and transactional coverage.  The Bureau intends to issue a separate final rule to address permanent coverage thresholds for open-end lines of credit and closed end mortgage loans in the future.

 Implementation of Partial Exemptions

 The final rule also implements further the partial exemptions from HMDA’s requirements provided for under the EGRRCPA.  In 2018, the Bureau issued an interpretive and procedural rule to implement and clarify the EGRRCPA amendments to HMDA.  The 2018 HMDA rule clarifies that insured depository institutions and insured credit unions covered by a partial exemption have the option of reporting exempt data fields as long as they report all data fields within any exempt data point for which they report data; clarifies that only loans and lines of credit that are otherwise HMDA reportable count toward the thresholds for the partial exemptions; clarifies which of the data points in Regulation C are covered by the partial exemptions; designates a non-universal loan identifier for partially exempt transactions for institutions that choose not to report a universal loan identifier; and clarifies the exception to the partial exemptions for insured depository institutions with less than satisfactory examination histories under the Community Reinvestment Act (CRA) of 1977.

The final rule incorporates into Regulation C these interpretations and procedures, with minor adjustments, by adding new Section 1003.3(d) relating to the partial exemptions and making various amendments to the data compilation requirements in Section 1003.4.  The final rule further implements the EGRRCPA by addressing certain additional interpretive issues relating to the partial exemptions that the 2018 HMDA rule did not specifically address such as how to determine whether a partial exemption applies to a transaction after a merger or acquisition.

 

 

 

 

 

 

 

NCUA Final IRPS Summary

Interpretive Ruling & Policy Statement 19-1

2^nd Chance IRPS

Prepared by NASCUS Legislative & Regulatory Affairs Department

November 2019

 NCUA has finalized its revisions to the agency’s Interpretive Ruling and Policy Statement (IRPS) regarding statutory prohibitions imposed by § 205(d) of the Federal Credit Union Act (FCUA). Section 205(d) prohibits, except with the prior written consent of the Board, any person who has been convicted of any criminal offense involving dishonesty or breach of trust, or who has entered into a pretrial diversion or similar program in connection with a prosecution for such offense, from participating in the affairs of an insured credit union.

The final IRPS 19-1 may be read here.

With publication of final IRPS 19-1, NCUA is rescinding existing IRPS 08-1. The new IRPS is effective January 2, 2020.

Summary

Pursuant to § 205(d)(1) of the FCUA, except with the prior written consent of the Board, a person who has been convicted of any criminal offense involving dishonesty or breach of trust, or has agreed to enter into a pretrial diversion or similar program in connection with a prosecution for such offense may not:

• Become, or continue as, an institution-affiliated party with respect to any insured credit union; or
• Otherwise participate, directly or indirectly, in the conduct of the affairs of any insured credit union.

NCUA has chosen to provide greater opportunity for individuals with past indiscretions to participate in the affairs of a federally insured credit union.

Covered Persons

The final IRPS clarifies the that an independent contractor is a covered person if the contractor influences or controls the management or affairs of the credit union. In addition, a person who does not meet the definition of an “institution affiliated party” might also be prohibited by § 205 if he or she is participating in the conduct of the affairs of a credit union. Under the final IRPS, NCUA will continue to define institution affiliated party separately from “participation in the conduct of the affairs of a credit union” and make determinations on a case-by-case basis.

Offenses Covered

In order for an application to be considered by the NCUA Board, the case must be considered final by the procedures of the applicable jurisdiction. All of the sentencing requirements associated with a conviction or conditions imposed by the pretrial diversion or similar program, including, but not limited to, imprisonment, fines, condition of rehabilitation, and probation requirements, must be completed before the Board will deliberate a consent application.

Offenses not Covered

Currently, where the covered offense is considered de minimis, approval is automatically granted, and an application for NCUA’s consent is not required. The final IRPS modifies exceptions for de minimis offenses in two ways:

• By updating the general criteria for the exception
• By expanding the scope of the exception to include additional offenses to qualify as de minimis offenses

Currently, a de minimis offense is defined by the following five criteria:

• there is only one conviction or entry into a pretrial diversion program of record for a covered offense;
• the offense was punishable by imprisonment for a term of less than one year and/or a fine of less than $1,000, and the punishment imposed by the court did not include incarceration;
• the conviction or pretrial diversion program was entered at least five years prior to the date an application would otherwise be required;
• the offense did not involve an insured depository institution or insured credit union;
• the Board or the FDIC has not previously denied consent under Section 205(d) of the FCU Act or Section 19 of the FDIA

The final Second Chance IRPS updates these by modifying criterion #2 to allow those offenses punishable by imprisonment for a term of one year or less and/or a fine of $2,500 or less, and those offenses punishable by three days or less of jail time, to meet the  de minimis definition.

Expanding the De Minimis Exceptions

The final Second Chance IRPS expands the exception for offenses not requiring submission of an application to NCUA.

• Age at time of covered offense – A person with a covered conviction or program entry that occurred when the individual was 21 years of age or younger at the time of the conviction or program entry, and who otherwise meets the general de minimis criteria, qualifies for this de minimis exception if:
  • the conviction or program entry was at least 30 months prior to the date an application would otherwise be required; and
  • all sentencing or program requirements have been met prior to the date an application would otherwise be required.
• Bad checks – A conviction for writing bad checks will be considered de minimis if:
  • there is no other conviction or pretrial diversion program entry subject to Section 205(d)
  • the aggregate total face value of all bad checks $1,000 or less
  • no depository institution or credit union was a payee on any of the bad checks
• Small-dollar, simple theft – Under the final Second Chance IRPS, a simple theft of goods, services and/or currency (or other monetary instrument) will be considered de minimis where the following conditions are met:
  • the aggregate value of the currency, goods, and/or services taken was $500 or less at the time of conviction or program entry
  • the person has no other conviction or program entry described in Section 205(d)
  • it has been 5 years since the conviction or program entry (or 30 months in the case of a person 21 years or younger at the time of the conviction or program entry)
  • it does not involve a depository institution or credit union

The offenses of burglary, forgery, robbery, identity theft, and fraud are excluded from the simple theft exception.

• Use of a fake I.D – The use of a fake, false, or altered identification card by a person under the legal age to obtain or purchase alcohol, or to enter a premises where alcohol is served and age appropriate identification is required will be considered de minimis provided there is no other conviction or program entry for the covered offense.
• Simple misdemeanor drug possession – The IRPS classifies as de minimis those convictions or entries for drug offenses meeting the following conditions:
• the person has no other conviction/program entry described in § 205(d)
• the single conviction or program entry for simple possession of a controlled substance was classified as a misdemeanor and did not involve the illegal distribution (including an intent to distribute), sale, trafficking, or manufacture of a controlled substance or other related offense
• it has been 5 years since the conviction or program entry (or 30 months in the case of a person 21 years or younger at the time of the conviction or program entry).

Convictions or program entries for intent to distribute, illegal distribution, illegal sale or trafficking of a controlled substance, or illegal manufacture of a controlled substance will continue to require an application for the Board’s consent, unless otherwise qualifying as de minimis.

Expunged Convictions

The final IRPS clarifies the circumstances under which a conviction is deemed expunged for purposes of § 205(d). If an order of expungement has been issued in regard to a conviction or program entry and is intended by the language in the order itself, or in the legislative provisions under which the order was issued, to be a complete expungement, then it is considered expunged for the purposed of the final IRPS. If the jurisdiction’s expungement statute or the court allows the use of the conviction or program entry for a subsequent purpose, then the conviction has not been expunged.

Conditional Offers

The final rule allows credit unions to extend a conditional offer of employment contingent on the completion of a satisfactory background check to determine if the applicant is barred by § 205(d). However, the job applicant may not commence work for or be employed by the credit union until the applicant is determined to not be barred under § 205(d) or receives consent from the NCUA Board.

Distinguishing between Sponsored and Individual Applications

The final IRPS clarifies that generally, the insured credit union will file an application for NCUA consent for a § 205(d) applicant. The credit union submits the request to its NCUA Regional Office. Under certain circumstances, an individual may apply to NCUA in their own right for consent. In that case, the individual would submit the application to the NCUA regional Director for the area in which the applicant lives.

Delegation

NCUA is delegating consent authority for § 205(d) applications submitted by credit unions as the sponsor of an individual to the Program Office (Region) for submitting credit union. However, the NCUA Board will retain consent authority for individually filed applications for consent.

In the final IRPS, NCUA has also made changes to the application forms used to submit both sponsored and individual requests for consent.

-End-

Summary: Interpretive Rule re: Truth in Lending (Regulation Z) Screening and Training Requirements for Mortgage Loan Originators with Temporary Authority

12 CFR Part 1026

Consumer Financial Protection Bureau

Prepared by the NASCUS Legislative & Regulatory Division

November 2019

The Consumer Financial Protection Bureau (CFPB) issued an interpretive rule that construes the Bureau’s Regulation Z, which implements the Truth in Lending Act (TILA).  Generally, if a mortgage loan originator organization employs individual loan originators who are not licensed and are not required to be licensed, Regulation Z requires the loan originator organization to screen individuals interested in acting as loan originators, as well as providing certain ongoing training.  However, Regulation Z is ambiguous as to whether these requirements apply to loan originator organizations employing individual loan originators who have temporary authority to originate loans pursuant to the Economic Growth, Regulatory Relief and Consumer Protection Act of 2018 (EGRRCPA) amendments to the SAFE Act.

 

The rule concludes that a loan originator organization is not required to comply with certain screening and training requirements under Regulation Z if the individual loan originator employee is authorized to act as a loan originator pursuant to the temporary authority described in the SAFE Act.

 

The rule can be found here.  The rule became effective on November 24, 2019.

Summary

In 2010, Dodd Frank added Truth in Lending Act (TILA) section 129B(b)(1) that imposed new requirements for loan originators, including a qualifications requirement.  In 2013, the Bureau adopted amendments to Regulation Z that provide for mortgage loan originator requirements under TILA.

In accordance with these changes, Regulation Z requires a loan originator organization that employs an individual loan originator who is not licensed and is not required to by licensed pursuant to the SAFE Act to (i) complete screening of the individual prior to permitting the individual to act as a loan originator on a consumer credit transaction secured by a dwelling and (ii) to provide periodic training.

In addition to these requirements, the Bureau also took into consideration the SAFE Act’s preexisting screening and training requirements for loan originators.  EGRRCPA amended the SAFE Act to permit certain individuals who were previously registered or State-licensed for a certain period of time (in accordance with the SAFE Act) to act as a loan originator in a State, if they have applied for a loan originator license in the State.  These individuals are identified as “loan originators with temporary authority.”

The Bureau notes that the EGRRCPA amendments that provide for the “temporary authority” for certain loan originators is found under a section entitled “Eliminating Barriers to Jobs for Loan Originators.”  Additionally, the Bureau noted that it believes that Congress intended to allow a loan originator that satisfies certain enumerated criteria and who is transitioning to a new State to be able to begin acting as a loan originator in the application State with minimal burden and delay and before the State has completed all of its processes relating to determining whether to grant a State license.

 

 

 

 

 

 

Summary:  Request for Information Regarding the Integrated Mortgage Disclosures under the Real Estate Settlement Procedures Act (Regulation X) and the Truth in Lending Act (Regulation Z) Rule Assessment

12 CFR Part 1024 and 1026

Consumer Financial Protection Bureau

Prepared by the NASCUS Legislative & Regulatory Division

December 2019

The Consumer Financial Protection Bureau (CFPB) is conducting an assessment of its the Integrated Mortgage Disclosures under the Real Estate Settlement Procedures Act (Reg. Z) and the Truth in Lending Act (Regulation Z) otherwise known as the TRID disclosure rule.  The Bureau is requesting public comment on its plans for assessing this rule as well as certain recommendations and information that may be useful in conducting the planned assessment.

The Assessment and Request for Public Comments can be found here.  Comments are due to the Bureau no later than January 21, 2020.

Summary

 Background

Section 1022 (d) of the Dodd Frank Act requires the Bureau to conduct an assessment of each significant rule or order adopted by the Bureau under Federal consumer financial law.  The Bureau must publish a report of the assessment not later than five years after the effective date of such rule or order.  The assessment must address, among other relevant factors, the rule/order’s effectiveness in meeting the purposes and objectives of Title X of the Dodd Frank Act and the specific goals stated by the Bureau in the rule/order.  The assessment must also reflect available evidence and any data that the Bureau reasonably may collect.  In addition, before publishing a report of its assessment, the Bureau must invite public comment on recommendations for modifying, expanding or eliminating the rule/order.

The Bureau has determined that the TRID rule is a significant rule and will conduct an assessment accordingly.  The Bureau issued the final TILA-RESPA rule in 2013.  However, the bureaus amended the rule twice before its effective date.  The amended rule, which took effect on October 3, 2015 and is known as the TRID rule, will be the subject of this assessment.  The 2015 TRID rule was amended again in 2017 and 2018.  While such amendments are not intended to be the subject of this assessment, the Bureau has noted that it may consider certain amendments to the extent that doing so will facilitate a more meaningful assessment of the TRID rule and the data is available.

Assessments under Dodd Frank are for informational purposes only and are not part of a formal or informal rulemaking process under the Administrative Procedure Act. However, the Bureau does intend to consider relevant comments and other information received as it conducts the assessment and prepares the assessment report.  The Bureau anticipates the assessment report will be issued no later than October 3, 2020.

Assessment Process

As noted earlier, the assessment will examine whether or not the TRID rule has met the purposes and objectives of Title X of the Dodd Frank Act, as well as the specific goals specified within the TRID rule.  The Bureau intends to use a cost-benefit analysis to assess the effectiveness of the TRID rule.  Research questions under the Bureau’s assessment plan seek to quantify the costs/benefits of the TRID rule as implemented with a focus on:

• Effects on consumers;
• Effects on firms, particularly creditors, settlement service providers (including title agents), mortgage brokers, consumers and others; and
• Effects on markets related to mortgage origination.

 Request for Comments

 The Bureau invites the public to submit information and other comments relevant to the issues identified in the Request for Information (RFI), information relevant to enumerating costs and benefits of the TRID rule to inform the assessment’s cost-benefit perspective, and any other information relevant to assessing the effectiveness of the TRID rule in meeting the purposes and objectives of Title X of Dodd Frank and the specific goals of the Bureau.  The Bureau is seeking comment on the following:

• Comments on the feasibility and effectiveness of the assessment plan, the objectives of the TRID rule the Bureau intends to use in the assessment, and the outcomes, metrics, baselines and analytical methods for assessing the effectiveness of the rule;
• Data and other factual information that the Bureau may find useful in executing its assessment plan and answering related research questions, particularly research questions that may be difficult to address with the data currently available to the Bureau;
• Recommendations to improve the assessment plan, as well as data, other factual information and sources of data that would be useful and available to the Bureau to execute any recommended improvements to the assessment plan;
• Data and other factual information about the benefits and costs of the TRID rule for consumers, creditors, or other stakeholders;
• Data and other factual information about the effects of the Rule on transparency, efficiency, access and innovation in the mortgage market;
• Data and other factual information about the Rule’s effectiveness in meeting the purposes and objectives of Title X of the Dodd-Frank Act;
• Data and other factual information on the disclosure data set specified in the “Assessing Firm Effects” section;
• Comments on any aspects of the TRID rule that were or are confusing or on which more guidance was or is needed during implementation including whether the issues have been resolved or remain unresolved; and
• Recommendations for modifying, expanding, or eliminating the TRID rule.

 

 

 

 

NASCUS Summary

Executive Orders

E.O. 13891 Executive Order on Promoting the Rule of Law Through Improved Agency Guidance Documents; and

E.O. 13892 Executive Order on Promoting the Rule of Law Through Transparency and Fairness in Civil Administrative Enforcement and Adjudication

On October 9, 2019, the Trump Administration issued 2 Executive Orders related to guidance issued by Executive Agencies. As an independent agency, NCUA is not subject to the Executive Orders, however NCUA has traditionally adhered to such orders.

1. O. 13891 Executive Order on Improving the Rule of Law through Improved Agency Guidance Documents

 Executive Order 13891 mandates:

• Agencies gather all guidance in one place on their websites & review all existing guidance & rescind guidance that should no longer be in effect.
• Agencies adopt rules for issuing guidance that include with each piece of guidance a statement that the guidance is not binding; and a process for the public to appeal for guidance rescission.
• Classifies as “significant guidance” any guidance with an impact of $100 million or more on the economy. For significant guidance, mandates public notice and comment with a comment period no less than 30 days. Furthermore, “significant guidance” shall be reviewed by Office of Information and Regulatory Affairs (OIRA) under Executive Order 12866.

The Executive Order also contains numerous exceptions to the requirements that render its ultimate impact questionable. The Executive Order also mirrors a joint statement made by the Federal Banking Agencies in 2018.

 O 13892 Executive Order on Promoting the Rule of Law Through Transparency and Fairness in Civil Administrative Enforcement and Adjudication –

 The Executive Order prohibits agencies from using guidance documents to impose new standards or to make a determination that has legal consequences. Furthermore, the Order states that noncompliance with a guidance document alone may not be used as a regulatory violation and an agency may only cite a guidance document in enforcement actions only if it had previously published it.

 

Finally, the Order prohibits an agency from taking any action that has a “legal consequence” before providing the subject an opportunity to be heard regarding the agency’s legal and factual determinations.

 

-End-

NCUA Final Rule Summary

Part 701 and Part 741

Public Unit and Nonmember Shares

Prepared by NASCUS Legislative & Regulatory Affairs Department

November 2019

 NCUA has published a final rule amending its regulations in Part 701.32(b) limiting public unit and non-member deposits in federally insured credit unions (FICUs). These rules apply to federally insured state credit unions (FISCUs) by reference in §741.204.

The final rule:

• Raises the limit on public unit and non-member shares to 50% of the credit union’s paid-in and unimpaired capital and surplus less any public unit and non-member shares
• Eliminate the waiver process for deposits in excess of the new limit
• Require an FICUs to develop and maintain a written plan if its public unit and non-member shares, taken together with borrowings, exceed 70% of paid-in and unimpaired capital and surplus

The final rule may be read here. The final rule is effective January 29, 2020.

NASCUS note:: For FISCUs, NCUA’s rule serves as a limit only on the amount of non-member and public unit deposits that may be held as a share insurance matter. NCUA’s rule does not give FISCUs the authority to hold these accounts. The authority to for a FISCU to hold non-member shares or public unit deposits is a matter of state law.

Summary

Part 701 addresses two distinct issues:

• Deposits from non-members
• Deposits from public units, whether members or not

Federal credit unions, and many FISCUs, are authorized to accept deposits from certain non-members. In some cases, they are permitted to accept deposits from public units regardless of whether the public unit is a member of the credit union. In other cases, low income designated credit unions may accept deposits from non-members.

The final rule establishes limits on the amounts of BOTH public deposits and non-member deposits that me be held in a FICU.

Limits on the Amount of Public Deposits and Non-member deposits

NCUA’s limit on public unit deposits does not distinguish between deposits from a public unit that is a member of the credit union or deposits from a non-member public unit.

• The final rule provides that a FICU may receive public unit and nonmember shares in an amount up to 50% of the FICU’s net amount of paid-in and unimpaired capital and surplus less any public unit and nonmember shares.

Alternative Threshold $3 million

For smaller credit unions, where 50% of paid in capital would not provide sufficient capacity, NCUA has preserved the option for a credit union accept non-member and public deposits up to $3 million if that amount is greater than 50% of the FICU’s net amount of paid-in and unimpaired capital and surplus less any public unit and nonmember shares.

Waivers

NCUA’s final rule eliminates the §701.32(b) waiver provisions that had allowed a credit union to seek a higher limit of non-member and public deposits from the NCUA Regional Director. With the new higher limit, NCUA does not believe there is a need for credit unions to seek a waiver above the 50% threshold.

Plan Regarding Use of Funds

The final rule requires a FICU to develop a plan regarding the intended use of any borrowings, public unit, or nonmember shares that, taken together, exceed 70% of paid-in and unimpaired capital and surplus. Credit unions will not be required to submit plans to NCUA for approval. Rather, NCUA will review plans during the normal course of examination.

 

-End-

NCUA Final Rule

 Part 715 Supervisory Committee Audits and Verifications (By reference in §741.6 and §741.202)

Summary

Prepared by NASCUS Legislative & Regulatory Affairs Department

September 2019

NCUA has published a final rule amending its rules regarding required audits and account verifications for federally insured credit unions. NCUA’s audit rules are found in NCUA’s Rules and Regulations Part 715. For federally insured state credit unions (FISCUs), Part 715 is referenced in Parts 741.6 and 741.202.

NCUA’s final rule:

• Replaces the existing NCUA Supervisory Committee Guide with an expanded Appendix to § 715;
• Replaces the references to “federal credit unions” with “federally insured credit union”;
• Eliminates the specific deadline for the outside audit to be delivered to the credit union;
• Eliminates the Report on Examination of Internal Controls over Call Reporting [§715.7(b)] and the Balance Sheet Audit option [§715.7(a)] options

 NCUA’s final rule may be read here. The rule will be effective 90 days after publication in the Federal Register.  

 Summary

• Eliminating 2 alternatives to a financial statement audit

The final rule eliminates 2 options credit unions with less than $500 million in assets could use to meet the audit requirements of § 715. The first alternative allowed qualifying credit unions to obtain a Report on Examination of Internal Controls Over Call Reporting. However, NCUA noted that less than 1% of credit unions availed themselves of this option and therefore have eliminated it to streamline their rules and regulations.

Under the old § 715, credit unions with less than $500 million also had the option of performing a Balance Sheet Audit. NCUA is eliminating this option as well because a Balance Sheet Audit does not cover the credit union’s income statement nor does it reflect the current value of the credit union’s assets.

• Eliminate the Supervisory Committee Guide

NCUA will replace the Supervisory Committee Guide with an Appendix covering minimum supervisory committee audit requirements or outside auditor requirements when a qualifying credit union chooses an alternative to financial statement audit. The new Appendix will require the following minimum procedures:

• Review Board of Director minutes to determine whether there are any material changes to the credit union’s activities or condition that are relevant to the areas to be reviewed in the audit
• Test and confirm material asset and liability accounts including, at a minimum:
• Loans
• Cash on deposit
• Investments
• Shares
• Borrowings
• Test material equity, income, and expense accounts
• Test for unrecorded liabilities
• Review key internal controls including, at a minimum:
• Bank reconciliation procedures
• Cash controls
• Dormant account controls
• Wire and ACH transfer controls
• Loan approval and disbursement procedures
• Controls over accounts of employees and officials
• Other real estate owned
• Foreclosed and repossessed assets 28
• Test the mathematical accuracy of the ALLL account and ensure the methodology is properly applied
• Test loan delinquency and charge-offs

Note: While not expressly included in the new § 715 Appendix, NCUA states in the preamble to the final rule that the “supervisory committee audit must test employee and board compensation when it is a significant component of a FICU’s expenses – as the regulation requires the audit to include a test of “material equity, income, and expense accounts.” See page 13 of NCUA’s Board Action Memorandum on the final rule.

• Assistance from Outside, Compensated Person

NCUA has eliminated the current regulations requirement that an engagement letter specify a target date of delivery of written audit reports “not to exceed 120 days from the date of calendar or fiscal year-end under audit.” The new rule § 715.9(c)(6) will require that the retention letter with the outside auditor specify the delivery date of written reports so the credit union may meet its annual audit requirement.

 

-End-

NCUA Risk Alert: 19-Risk-01 Business Email Compromise Fraud

August 2019

 NCUA issued the first Risk Alert of 2019 to remind credit unions of the risks related to Business Email Compromise (BEC) fraud and steps that institutions should consider in order to mitigate the risk of falling prey to such scams.

 

BEC occurs when a criminal uses email to impersonate a legitimate business or person in order to request or access fraudulent payments. Criminals may compromise a victim’s email address or domain through social engineering or use publicly available services to spoof this information.

 

NCUA notes in its Risk Alert that the FBI has created a recovery asset team with a goal to quickly identify and freeze suspicious wire transfers before funds are transferred or removed from a suspect’s account.

 

NCUA provided the following recommendation for steps credit unions can take to mitigate the risk of BEC fraud:

 

• Never make a payment change without verifying the change with the intended recipient
• Verify the accuracy of email addresses when checking mail on a mobile device
• Use a two-step verification process to verify wire requests with members, and use information from previously known email addresses and phone numbers rather than what is provided in the wire transfer request
• Require staff to investigate and verify changes to members’ personal information or business practices of the credit union’s vendors or member business accounts
• Know the routines of members’ wire activity and contact them with any changes or concerns before sending a wire transfer
• Verify transaction details with the recipient bank before sending a suspicious wire transfer
• Use email spam filters to quickly identify potential fraudulent or spoofed emails
• Create rules in the credit union’s intrusion detection system to flag emails with extensions that are similar, but different to, your credit union or members
• Use caution posting information on social media and company websites, especially job duties/descriptions, hierarchal information, and out-of-office details
• Implement multi-factor authentication (MFA) for corporate e-mail accounts that requires at least two pieces of information to login (something a user knows, such as a password, and something a user has, such as a dynamic PIN)

 

Additional self-protection strategies may be found in the Justice Department’s publication “Best Practices for Victim Response and Reporting of Cyber Incidents.”

 NCUA recommends credit unions also consider:

• contact the originating financial institution as soon as possible to request a recall or reversal, as well as a Hold Harmless Letter or Letter of Indemnity
• determine whether a Suspicious Activity Report should be filed with FinCEN (FinCEN has issued an advisory on BEC fraud schemes)

NCUA last issued a Risk Alert in February of 2013 regarding denial of service attacks.

 

Proposed Rule Summary

Accuracy of Advertising & Notice of Insured Status

Prepared by NASCUS Legislative & Regulatory Affairs Department
October 2017

 

NCUA is proposing changes to its Advertising rule, Part 740. This rule applies to federally insured state credit unions (FISCUs) by reference in Part 741.211. NCUA is proposing the addition of a 4th short statement “Insured by NCUA” as well as proposing the expansion of the exemption from the advertising statement requirement regarding radio and television advertisements. NCUA is also proposing the elimination of the requirement to include the official advertising statement on statements of condition required to be published by law.

NCUA also seeks comments on whether Part 740 should be modified to accommodate new trends in advertising such as social media, texting, and mobile banking applications.

NCUA’s proposed rule may be read here. The proposed rule is open for comment until December 4, 2017.

Summary
NCUA’s advertising rule requires each federally insured credit union (FICU) to display NCUA’s official sign.

The rule also provides FICUs three options
when advertising:

• FICUs may include the statement ‘‘This credit union is federally insured by the National Credit Union Administration.’’
• FICUs may also use the shorter version ‘‘Federally insured by the NCUA.’’
• As a third option, the official sign may be displayed in advertisements in lieu of the advertising statement.

Part 740.5(c) exempts several kinds of advertisements from the requirement to use of the above 3 advertising statements:

• Radio advertisements that are less than 15 seconds in duration
• television advertisements that are less than 15 seconds in duration

NCUA notes that these exemptions are less robust than FDIC’s for banks, which exempt bank radio and television ads of 30 seconds or less. NCUA also currently requires the official advertising statement on statements of condition required to be published by law. FDIC does not.

NCUA now proposes:

• creating a 4th short statement for the official advertising statement, “Insured by NCUA”
• Extending the exemption from the official statement to radio or TV advertisements of 30 seconds or less
• Eliminating the requirement that the official advertising statement be included in required reports of condition

NCUA also seeks comments on whether its advertising rules should be modified to facilitate the trend in advertising via new types of social media, mobile banking, text messaging and other digital communication platforms, including Twitter and Instagram.

NASCUS note:

NCUA addressed “risks” with social media in a joint guidance with other federal bank regulators released in 2013.