Federally Insured Credit Union Use of Distributed Ledger Technologies

NCUA Letter to Credit Unions 22-CU-07: Federally Insured Credit Union Use of Distributed Ledger Technologies

NCUA has issued LTCU 22-CU-07 to address the increased use of financial technology by credit unions in their operations and clarify its expectations for credit unions contemplating the use of new or emerging distributed ledger technologies (DLT).  This is NCUA’s second LTCU on this issue, as LTCU 21-CU-16 was issued December 2021.

The LTCU identifies the agency’s expectations related to DLTs and explains that credit unions may appropriately use DLT as an underlying technology.  The following areas are considerations and NCUA’s expectations for FICUs, however, the NCUA notes this list should not be construed as all inclusive. Federally insured state-chartered credit unions should also look to their own state laws for permissibility prior to adopting DLT for existing operations.

Governance, Oversight and Planning

Project plans and risk assessments surrounding the implementation of a product, platform, or service using DLT should include the following at a minimum:

  • Credit union board of director awareness and oversight of all changes in technology, purposes of and how it aligns with the credit union’s strategic plan and approved risk tolerances.
  • Credit union staff and third parties using and managing the technology are complying with applicable laws and regulations and acting in a safe and sound manner.
  • Effective risk management practices are followed to identify, assess, and mitigate risks associated with DLT and the specific activities for which it will be deployed.
  • Risk assessment and audit functions can validate and attest to the effectiveness of risk-mitigation practices in accordance with internal policy and industry practices.

Risk and Risk-Mitigation Strategies

The LTCU also provides the specific questions that credit unions should consider as part of their due diligence efforts to ensure activities are permissible and in compliance with applicable laws and regulations.

  • What are the primary characteristics of the DLT network architecture?
  • Does the DLT exist within a private or public network?
  • Has the risk of compromise related to many points of entry (nodes) been assessed?
  • Are consensus mechanisms build into the DLT architecture immune to external exploitation?
  • How are permissions and identity management credentials managed?
  • By whom and how is governance over the network conducted?
  • What are the data quality control expectations among participants within the network?
  • Are DLT solutions deployed within a strictly governed coding process in accordance with industry leading practices?

Legal and Compliance Risk

  • Have the potential legal and compliance risks been assessed, including those related to maintaining confidentiality, privacy, data security, recordkeeping, and consumer and fraud protections?
  • When deploying the DLT, will the credit union comply with applicable laws and regulations, such as requirements of the Bank Secrecy Act (BSA), including customer due diligence, “Know Your Customer,” and anti-money laundering requirements?
  • Are each of the nodes on the DLT network BSA compliant?
  • If the application involves the use of smart contracts, is testing of the underlying architecture in place and documented? Has the credit union confirmed with whom and to what extent oversight, governance, and maintenance of the smart contract application reside and exist?

Strategic and Reputation Risk

  • Have potential strategic and reputational risks related to the DLT been identified, assessed, and mitigated?
  • Are consensus mechanisms built into the DLT architecture well understood by management?
  • Is a process in place to monitor emerging risks and changes in technology? Can the credit union or third-party apply changes in deployment and internal controls in response?
  • Do contracts with third-party vendors provide reasonable “exit strategies” in the event of deterioration in financial condition or service delivery by the vendor?

Liquidity Risk

  • Have potential liquidity risks been identified, assessed, and mitigated?

Third-Party Risk 

  • Have potential legal and compliance risks associated with new-entry participants and third-party agreements been assessed?
  • Have the appropriate due diligence steps been taken in the selection of the third party before entering a DLT arrangement? Has NCUA’s existing guidance on evaluating third-party relationships and third-party due diligence been reviewed?

Summary Guidance:
Interagency Question and Answers Regarding Flood Insurance

Prepared by NASCUS Legislative & Regulatory Affairs Department
May 2022

NCUA, together with the OCC, Federal Reserve Board, the FDIC, and FCA (together, the Agencies) have published revised guidance to assist lenders in meeting their responsibilities under Federal flood insurance law and increase public understanding of the Agencies’ respective flood insurance regulations.

In the 2021 proposed Q&A regarding private flood insurance and request for comment the Agencies indicated a plan to publish a final document in the Federal Register consolidating the proposed private flood insurance questions and answers, and the July 2020 questions and answers into one set of guidance. Those two documents have now been consolidated into one set of Interagency Questions and Answers Regarding Flood Insurance.  The new guidance replaces the previously published versions from 2009 and 2011.

Click here to download a pdf version of this summary. [PDF]

Summary

The newly consolidated guidance consists of 144 Questions and Answers (including 24 private flood insurance questions and answers). The full Q&A begins on page 153 covering a broad range of topics.  Some key topics addressed by the revisions include guidance related to amendments to the flood insurance laws as they apply to the escrow of flood insurance premiums, certain exemptions for detached structures, procedures for the force placement of insurance, and the acceptance of flood insurance policies issued by private insurers.

For ease of reference, the Agencies have reorganized the Q&As to provide a more “logical flow of questions through the flood insurance process for lenders, servicers, regulators, and policyholders.” Rather than numbering the Q&As successively through each category, each Q&A is designated by the category to which it belongs and then designated in numerical order for that category.

Furthermore, the Agencies have added three new Q&As, Applicability, Amount, and Condo and Co-op, to better address comments received and for organizational purposes.

The following table outlines the newly organized Section, specific category within that section and the number of questions per section.

 

Section Category No. of Questions
I Determining the Applicability of Flood Insurance Requirements for Certain Loans [Applicability] 15
II Exemptions from the Mandatory Flood Insurance Purchase Requirements [Exemptions] 7
III Private Flood Insurance – Mandatory Acceptance [Mandatory] 9
IV Private Flood Insurance – [Discretionary] 4
V Private Flood Insurance – General Compliance [Private Flood Insurance] 11
VI Required Use of Standard Flood Hazard Determination Form [SFHDF] 4
VII Flood Insurance Determination Fees [Fees] 2
VIII Flood Zone Discrepancies [Zone] 3
IX Notice of Special Flood Hazards and Availability of Federal Disaster Relief 7
X Determining the Appropriate Amount of Flood Insurance Required [Amount] 9
XI Flood Insurance Requirements for Construction Loans [Construction] 6
XII Flood Insurance Requirements for Residential Condominiums and Co-Ops [Condo and Co-Op] 6
XIII Flood Insurance Requirements for Home Equity Loans, Lines of Credit, Subordinate Liens, and Other Security Interests in Collateral Located in an SFHA [Other Security Interests] 12
XIV Requirement to Escrow Flood Insurance Premiums and Fees – General [Escrow] 7
XV Requirement to Escrow Flood Insurance Premiums and Fees – Small Lender Exception [Escrow Small Lender Exception] 7
XVI Requirement to Escrow Flood Insurance Premiums and Fees – Loan Exceptions [Escrow Loan Exceptions] 5
XVII Force Placement of Flood Insurance [Force Placement] 16
XVIII Flood Insurance Requirements in the Event of the Sale or Transfer of a Designated Loan and/or Its Servicing Rights [Servicing] 7
XIX Mandatory Civil Money Penalties [Penalty] 2

The following highlights pertinent sections of the Q&A for ease of reference.

Escrow of Flood Insurance Premiums

Requirement to Escrow Flood Insurance Premiums and Fees – General (Escrow)

Establishment of Escrow Accounts

  • Requirement for any designated loan secured by residential real estate or a mobile home that is made, increased, extended or renewed on or after 1/1/2016
  • A lender must escrow for flood insurance under the Regulation even if it does not escrow for taxes and insurance.
  • Lenders must escrow force-placed insurance – unless the lender qualifies for an exception.

Loan-related exceptions:

  • A loan is an extension of credit primarily for business, commercial, or agricultural purposes;
  • A loan that is in a subordinate position to a senior lien secured by the same property for which the borrower has obtained adequate flood insurance coverage;
  • A loan that is covered by a condo association, cooperative or homeowners association or other applicable group’s adequate flood insurance policy;
  • A loan that is a home equity line of credit;
  • A loan that is a nonperforming loan that is 90 days or more past due; or
  • A loan that has term not longer than 12 months.
  • Small lender exception
  • If a lender no longer qualifies for the small lender exception, it must escrow all premiums and fees for any flood insurance required

Subordinate Lienholder

  • Subordinate lienholders are not required to escrow for flood insurance as long as the borrower has obtained flood insurance coverage that meets the mandatory purchase requirement. The junior lienholder or its servicer must ensure that adequate flood insurance is in place.
  • If adequate insurance has not been obtained by the first lienholder and insurance must be purchased in connection with the second mortgage to meet the mandatory purchase requirement, the junior lender or its servicer would need to escrow the insurance obtained in connection with the second mortgage.
  • Does not apply to subordinate lien if subordinate lien is a HELOC

Requirement to Escrow Flood Insurance Premiums and Fees – Escrow Small Lender Exception (Escrow Small Lender Exception)

Small Lender Exception Applicability – on or after July 6, 2012

  • Lender was not required under Federal or State law to deposit taxes, insurance premiums, fees, or any other charges in an escrow account for the entire term of any loan secured by residential improved real estate or a mobile home; and
  • Did not have a policy of consistently and uniformly requiring the deposit of taxes, insurance premiums, fees or other charges in an escrow account for any loans secured by residential improved real estate or a mobile home

HMPL Loans

  • Federal law in effect on or before July 6, 2012, permitted a borrower to request cancellation of the escrow rather than apply for the entire term of the loan – therefore HPML escrow requirements would not result in the loss of the escrow exception for a small lender that made an HPML – covered loan prior to 1/6/ 2012

USDA/FHA Loans

Such loans under Federal law, require the deposit of taxes, insurance premiums, fees, and other charges in an escrow account for the entire term of the loan – therefore the small lender exception would not apply.

Option to Escrow Notice

  • Loans outstanding as of 1/1//2016, must receive notice only to lenders who have a change in status & no longer qualify for the small lender exception
  • Such lenders are required to provide the option to escrow notice by September 30 of the first calendar year in which the lender has had a change in status pursuant to the regulation.
  • The notice does not apply to outstanding loans or lenders that are excepted from the general escrow requirement under the regulation.
  • Option to escrow notice does not apply to loans that are not subject to the mandatory flood insurance purchase requirement.
  • Lenders that qualify for the small lender exception are not required to provide borrowers the escrow notice or the option to escrow unless the lender no longer qualifies for the small lender exception.

Waiver of Escrow

  • If a borrower waives escrow of flood insurance premiums and fees, the lender exception for sending a notice no longer applies. The Regulation does not exclude loans for which borrowers have previously waived escrow from the requirement to offer and make available the option to escrow flood insurance premiums and fees.
  • Lenders/Servicers must send a notice of the option to escrow to borrowers who waived escrow

Requirement to Escrow Flood Insurance Premiums and Fees – Escrow Loan Exceptions

Exceptions

  • Extensions of credit primarily for business, commercial or agricultural purposes are not subject to the escrow requirement for flood insurance premiums and fees, even if such loans are secured by residential improved real estate or a mobile home.
  • Escrow requirements would not apply to a loan secured by a particular unit in a multi-family residential building if a condo association, cooperative, homeowners association, or other applicable group provides an adequate policy and pays for the insurance as a common expense.
  • Construction to permanent loans do not qualify for the 12-month exception from escrow, even if one phase of the loan is 12 months or less, given that these loans are generally 20 – 30-year loans. A 12-month phase is not considered a true closing.
  • If at any time during the term of the loan a lender determines that a subordinate lien exception no longer applies, the lender must begin escrowing flood insurance premiums and fees as soon as reasonably practicable (unless another exception applies).
  • Lenders should ensure that loan documents for subordinate liens permit the lender to require an escrow if the loan takes a first lien position.
Exemptions for Detached Structures

Exemptions from the Mandatory Flood Insurance Purchase Requirements

Detached Structures

  • The Regulation does not apply a structure that is detached from the primary residential structure and does not serve as a residence.
  • A borrower may still elect to purchase flood insurance
  • The lender does not have to take a security interest in the primary residential structure for detached structures to be eligible for exemption.
  • The term “a structure that is part of a residential property” in the detached structure exemption applies only to structures for which there is a residential use and not to structures for which there is a commercial, agricultural or business use.
  • A flood hazard determination is required even when the secured property contains detached structures for which coverage is not required, in order to determine whether a building or mobile home securing a loan is or will be located in an SFHA.
  • If a borrower has flood insurance on a detached structure that is part of the residential property but does not serve as a residence, the lender is no longer mandated by the Act to require flood insurance on that structure and may allow the borrower to cancel the policy.
  • If a triggering event occurs the lender is required to examine the status of detached structures to determine whether the structure exemption still applies.
Procedures for Force Placement of Insurance

Force Placement of Flood Insurance – Force Placement

Force Placement

  • When a lender makes the determination that the collateral securing the loan is uninsured or underinsured, it must begin the force placement process. The lender or servicer must notify the borrower that the borrower must obtain flood insurance, at the borrower’s expense, in an amount at least equal to the minimum amount required under the regulation.
  • If the borrower fails to obtain appropriate insurance within 45 days of the lender’s notification the lender must purchase flood insurance on the borrower’s behalf.
  • It must be the full amount required under Regulation
  • The lender must provide notice to the borrower of force placement of insurance upon making the determination that the loan is not covered by flood insurance or in an amount less that the amount required
  • When force placement occurs, the Regulation requires a minimum amount of flood insurance to be “at least equal to the lesser of the outstanding principal balance of the designated loan or the maximum limit of coverage available for the particular type of property under the Act.”

Charging for Force Placed Insurance – What is considered a triggering event?

  • Capitalizing the premium and fees into outstanding principal balance
  • If the lender’s loan contract with the borrower includes a provision permitting the lender to advance funds for flood insurance as additional debt to be secured by the building/mobile home – such an advancement would be considered part of the loan and would not be considered a triggering event.
  • IF there is no explicit provision permitting this type of advancement of funds in the loan contract the capitalization of premiums would be considered an “increase” in the loan amount and thus considered a triggering event because no advancement of funds was contemplated as part of the loan.
  • Adding the premium and fees to a separate account
  • If the lender accounts for and tracks the amount owed on force placed insurance premiums and fees in a separate account, this is not considered a triggering event
  • Advancing funds from the escrow account to pay for the premium and fees
  • If the lender’s contract permits the advancement of premiums from the borrower’s escrow account – this is not considered a triggering event
  • Billing the borrower directly for the premiums and fees
  • If the lender bills the borrower directly for the cost of force placed insurance, this is not considered a triggering event

Refunding premiums

  • The Regulation requires the refund of force placed insurance premiums and any related fees charged to the borrower for any overlap period within 30 days of receipt of a confirmation of a borrower’s existing flood insurance coverage without exception.

Expiration

  • The Regulation does not require a lender to send a notice to the borrower prior to renewing a force placed policy. The lender may notify the borrower if they are planning to renew or have renewed the policy.

Monitoring Coverage

  • There is no regulatory requirement to monitor coverage over the life of the loan. For purposes of safety and soundness many lenders choose to monitor for continuous coverage.
Acceptance of Private Flood Insurance

Private Flood Insurance – Mandatory Acceptance

  • Lenders are only required to accept flood insurance policies issued by a private insurer that meet the definition of private flood insurance under the Regulation, as long as the policy meets the amount of insurance required.
    • A lender is not required to accept flood insurance that only meets the criteria set forth in discretionary acceptance.
  • Lenders are not required to originate a loan that does not meet their underwriting criteria, e.g., a loan in non-participating communities or coastal barrier regions where the NFIP is not available.

Use of Compliance Statement

  • A lender may choose to rely upon the compliance aid statement and would not need to review the policy further to determine if the policy meets the definition of “private flood insurance.”
    • A lender may not reject the policy solely on the lack of the compliance aid statement and not required to accept it on the statement alone, but rather may choose to review the policy in its entirety to determine if it meets the definition of “private flood insurance.”
  • In order for the lender to rely on the compliance aid statement without further review of the policy, the language of the statement must be stated in the policy, or as an endorsement to the policy.
    • If the language is different the lender cannot rely on the protections of the compliance aid statement.

Private Flood Insurance – Discretionary Acceptance

Policy acceptance

  • Lenders are not required to accept flood insurance policies that only meet the discretionary criteria. Discretionary criteria are set forth in the Regulation
    • It is at the lender’s discretion to accept a policy that meets the discretionary acceptance criteria
  • If a lender accepts a policy that they determine meets the discretionary criteria the lender must document its conclusion in writing that the policy provides sufficient protection of the loan, consistent with general safety and soundness principles.

Factors to consider:

  • A policy’s deductible is reasonable based on the borrower’s financial condition;
  • The insurer provides adequate notice of cancellation to the mortgagor and mortgagee to allow for timely force-placement of flood insurance, if necessary
  • The terms and conditions of the policy, with respect to payment per occurrence or per loss and aggregate limits, are adequate to protect the regulated lending institution’s interest in the collateral;
  • The flood insurance policy complies with applicable State insurance laws; and
  • The private insurance company has the financial solvency, strength, and ability to satisfy claims.

Private Flood Insurance – General Compliance

Maximum Deductible

  • For purposes of compliance with the mandatory acceptance provision, the Regulation provides that a policy must provide coverage at least as broad as the coverage provided under an SFIP for the same type of property, including a deductible that is no higher than the specified amount under an SFIP for any total coverage amount up to the maximum available under the NFIP at the time the policy is provided to a lender.
  • The lender should consider whether the deductible is reasonable based on the borrower’s financial condition and other factors.
  • If a lender is accepting a private flood insurance policy under the mandatory acceptance provision, the Regulation requires that the private flood insurance policy be at least as broad as an SFIP, which includes a requirement that the private flood insurance policy contain a deductible no higher than the specified maximum deductible for an SFIP

Private Flood Insurance & Secondary Market Investors

  • The requirements for secondary market are separate from Regulation and lenders must comply with Federal flood insurance requirements.
  • Lenders should carefully review the separate requirements for secondary market investors to determine what is acceptable regarding private flood insurance if the lender plans to sell the loan to such investors.

New Policy

  • Any time a borrower presents the lender with a new flood insurance policy issued by a private insurer the lender must review the policy to determine whether it meets the private flood insurance requirements.

 

CFPB Summary: Advisory Opinion re: Equal Credit Opportunity Act (ECOA) Revocations/Change of Terms

12 CFR Part 1002

The Consumer Financial Protection Bureau (CFPB) issued an advisory opinion to affirm that the Equal Credit Opportunity Act (ECOA) and Regulation B protects not only those actively seeking credit but also those who sought and have received credit.

The advisory opinion became effective on May 18, 2022 and may be accessed here.

Summary

  • The Bureau notes that Congress enacted the ECOA in 1974 to (initially) address discrimination with regard to granting credit to women. From the start, the prohibition was designed to protect consumers actively seeking credit and those who have sought and received credit.  Accordingly, the Bureau notes that the ECOA defined “applicant” as “any person who applies to a creditor directly for an extension, renewal, or continuation of credit or applies to a creditor indirectly by use of an existing credit plan for an amount exceeding a previously established credit limit.” The opinion notes that the drafters of the statute emphasized that the ECOA’s prohibition on discrimination applied to all credit transactions including the approval, denial, renewal, continuation or revocation of any open-end consumer credit account.
  • The opinion notes that Regulation B has always defined the term “credit transaction” to encompass “every aspect of an applicant’s dealings with a creditor,” including elements of the transaction that take place after credit has been extended. In addition, Regulation B has always defined the term “applicant” to include those who have applied for and have received credit.
  • The ECOA’s disclosure provision also requires creditors give a statement of reasons to “each applicant against whom they take “adverse action,” which is defined by the Act to include “a revocation of credit as well as a change in the terms of an existing credit arrangement.”
  • The opinion notes that this interpretation is reflected in the Bureau’s Supervision and Examination Manual and is supported by the statutory text, legislative history and legal analysis.
  • This advisory opinion is applicable to all “creditors” as defined under Section 702 of the ECOA.
Joint Proposed Rule Summary: Rules of Practice and Procedure

NASCUS Legislative and Regulatory Affairs Department | May 14, 2022

The NCUA, OCC, FDIC, and Federal Reserve have published a joint Notice of Proposed Rulemaking: Rules of Practice and Procedure. If finalized, the proposal would amend the Uniform Rules of Practice and Procedure to “recognize the use of electronic communications in all aspects of administrative hearings and to otherwise increase the efficiency and fairness of administrative adjudications.”

In addition, the OCC, Federal Reserve, and FDIC are proposing to modify each of their respective administrative practice and procedure rules. Occ also intends to integrate its rules with the Uniform Rules so that only one set of rules would apply to national banks and Federal savings associations.

The deadline to submit a comment is June 13, 2022. The proposed rule may be read in its entirety here.

Summary

The Financial Institutions Reform, Recovery and Enforcement Act of 1989 (FIRREA) required NCUA, the federal banking agencies (FBAs) to develop uniform rules and procedures for administrative hearings. In August 1991, NCUA and the FBAs each adopted final Uniform Rules as well as agency specific rules. Amendments to those rules were made in 1996, but otherwise the rules have remained generally unchanged.

Prior to 2005, NCUA and the FBAs only accepted paper pleadings. However, beginning in 2005, the Office of Financial Institution Adjudication (OFIA) established a dedicated electronic mailbox to accept electronic pleadings and service and, by 2006, paper pleadings were virtually eliminated in administrative hearings. Without rules in place to address electronic pleadings, the Administrative Law Judges (ALJs) opted to dictate procedures pertaining to electronic filing and other items on an ad hoc basis.

The changes proposed by this rule would modify the Uniform Rules to accommodate electronic pleadings and communications in administrative hearings and make other improvements based on NCUA’s and the FBA’s experience gained over the past years. References to the Office of Thrift Supervision (OTS) would be removed as OTS was abolished in 2011. In addition, the OCC, Federal Reserve, and FDIC propose to amend certain sections of their Local Rules that they believe should be updated, improved, or clarified and the OCC proposes to consolidate its uniform and local rules.

Proposed changes include:

  • Terminology and Nomenclature – Gender specific references would be replaced with gender neutral terminology consistent with Federal Register drafting guidelines (see https://www.archives.gov/federal-register/write/legal-docs/clear-writing.html). The word “shall” will be replaced by the terms ‘‘must,’’ ‘‘will,’’ or other appropriate language and the abbreviation ‘‘ALJ’’ will be used for ‘‘administrative law judge.’’
  • Civil Money Penalties & HOLA – the list of civil money penalties will be updated to include §5, §9, and §10 of the Home Owners’ Loan Act (HOLA).
    This update does not affect credit unions as the relevant sections of HOLA are applicable to Federal savings associations now supervised by the OCC, State-chartered savings associations now supervised by the FDIC, and savings and loan holding companies supervised by the Federal Reserve Board.
  • References to OTS will be deleted.
  • Electronic Signatures – a definition of the term ‘‘electronic signature’’ will be added in the definitions section to align with proposed changes allowing electronic signatures to be used to satisfy good faith certification requirements.
  • Administrative Law Judges – the term ‘‘other orders’’ would be added to the list of specific orders an ALJ is authorized to issue, quash, or modify to clarify that the authority of the ALJ to issue orders is not limited to subpoenas, subpoenas duces tecum, and protective orders. To improve clarity, the term ‘‘presiding officer’’ would be replaced by ‘‘ALJ.’’
  • Appearances in Person – changes would simplify this section to make clear that an individual may appear on their own behalf. Another change would require a notice of appearance include a written acknowledgment that the individual has reviewed and will comply with the Uniform Rules and Local Rules.
  • Good Faith Certification – proposed changes would require that the counsel of record, including an individual who acts as their own counsel, include a mailing address, an electronic mail address, and a telephone number with every certification. Other changes would permit electronic signatures to satisfy the signature requirements of the certification.
  • Ex Parte Communications – changes would clarify that upon the occurrence of ex parte communication, the ALJ or the Agency Head must determine whether any action in the form of sanctions should be taken concerning the ex parte communication. To better align the Uniform Rules with §5 of the Administrative Procedure Act, language would be added stating that the ALJ may not consult with a person or party on a fact in issue without giving all parties notice and an opportunity to participate and may not be responsible to or subject to the supervision or direction of an employee agent engaged in the performance of investigative or prosecuting functions for any of the Agencies. Finally, terminology would changed to refer to “administrative” or “judicial” proceedings rather than “public” proceedings.
  • Filing of Papers – this section would be updated to remove outdated references to transmission by electronic media and replace it with a section stating that filing may be accomplished by electronic mail or other electronic means designated by the Agency Head or the ALJ. Furthermore, references to specific carriers and names mail delivery services would be changed to generic references. Changes to the section related to the filing of papers would require inclusion of:
    • mailing address
    • electronic mail address
    • telephone number of the counsel or party making the filing.

The provision requiring copies to be filed will be deleted.

  • NCUA would delete from its rules references to change-in-control proceedings from part 747 which do not apply to credit unions.
  • Service of Papers – proposed changes would provide for electronic filing and simplify and update the descriptions for other, non-electronic, means of filing. Additional changes would mandate that any papers required to be served by the Agency Head or the ALJ upon a party that has appeared in the proceeding will be served by electronic mail or other electronic means. Non-electronic methods of service will be preserved as an option for parties that do not appear in person.
  • Construction of Time Limits – changes would establish that papers transmitted electronically are deemed filed/served upon transmittal by the serving party. Existing times for non-electronic methods of filing and service would be retained. In the case of service by electronic mail or other electronic means, the time limits for responding would be calculated by adding one calendar day to the prescribed period. In the case of overnight mail service, the rule would provide for the addition of two calendar days, rather than one, and the addition of three calendar days for service made by mail.
  • Witness Fees and Expenses – the proposal would clarify that all witnesses, including an expert witness who testifies at a deposition or hearing, will be paid the same fees for attendance and mileage as are paid in US District court proceedings when US is a party. Additional changes would clarify that NCUA and FBAs are not required to pay witness fees/mileage for testimony by a party.
  • Opportunity for Informal Settlement – this provision would be amended to clarify the existing rule that an offer or proposal for informal settlement may only be made to Enforcement Counsel.
  • Commencement of Proceeding and Contents of Notice Section – proposed changes related to service of notice to the proceedings include:
    • Enforcement Counsel may serve the notice upon counsel for the respondent, rather than the respondent
    • Clarification that notice pleading applies in administrative
    • Change “a statement of the matters of fact or law showing the [Agency] is entitled to relief’’ to simply ‘‘matters of fact or law showing that the [Agency] is entitled to relief.’’
  • Answer – proposed amendment will establish an unappealable default judgment in favor of the Agency if a respondent fails to request a hearing as required by law within the applicable time frame.
  • Scope of Document Discovery – proposed change would update the definition of the term ‘‘documents’’ in § ll.24(a)(1) to include not only writings, drawings, graphs, charts, photographs, and recordings, but electronically stored information and data or data compilations stored in any medium from which information can be obtained. Additional proposed changes would clarify the list of privileges applicable to otherwise discoverable documents:
    • attorney-client privilege and the work-product doctrine
    • bank examination privilege
    • law enforcement privilege

Furthermore, the proposal would require that document discovery, including all responses to discovery requests, completed by the date set by the ALJ and no later than 30 days prior to the date scheduled for the start of the hearing.

  • Request for Document Discovery by Parties- under the proposal, this section would be reorganized and renamed ‘‘Document requests.’’ In addition, proposed changes would add a paragraph stating that a party may serve another party a request to not only produce discoverable documents but to permit the inspection or copying of discoverable documents. New language would also allow a party responding to a request for inspection to produce electronically stored information instead of permitting inspection and would require that, unless a particular form is specified by the ALJ or agreed upon by the parties, the producing party must produce copies of documents as they are kept in the usual course of business. The producing party would pay its own costs to respond to a discovery request unless otherwise agreed by the parties. Finally, the proposal would specify the following privileges related to document production requests:
    • attorney-client privilege and work product doctrine,
    • bank examination privilege
    • law enforcement privilege
    • government deliberative process privilege
    • and any other privileges of the Constitution, any applicable act of Congress, and other principles of common law
  • Document Subpoenas to Non-Parties – proposed amendment would allow a person subpoenaed for documents to file a motion to quash or modify such subpoena with the ALJ.
  • Deposition of Witness Unavailable for Hearing – the proposed changes would require that the application for a subpoena state the manner in which the deposition is to be taken, in addition to the time and place, and provide explicitly that a deposition may be taken by remote means. Additional changes provide that a court reporter or other person authorized to administer an oath may administer the oath remotely without being in the physical presence of the deponent and provides for obtaining court ordered compliance with issued subpoenas.
  • Summary Disposition – proposed changed would require that a request for a hearing on a motion be made in writing. This change will formalize the process of requesting a hearing and increase the clarity of the process.
  • Scheduling and Prehearing Conferences – changes would clarify that a prehearing conference must be set within 30 days of service of the notice, or an order commencing a proceeding and eliminate the option in the current rule for the parties to agree on another time. References to telephone conferences would be eliminated to make the provision technology neutral.
  • Prehearing Submission – the time for a party to file prehearing submissions with the ALJ would be extended from 14 days to 20 days before the start of the hearing. Additional changes would require the submission of a prehearing statement that states the party’s position with respect to the legal issues presented, the statutory and case law upon which the party relies, and the facts the party expects to prove at the hearing. Also, final witness lists, must include the name, mailing address, and electronic mail address for each witness. Further clarifications would make clear the witness list need not identify the exhibits to be relied upon by each witness.
  • Conduct of Hearings – new rules would the ALJ to establish procedures for the use of electronic presentations.
  • Evidence Section – the proposal would replace the terminology ‘‘direct interrogation” with the term “direct questioning.”

Letter to Credit Unions 22-CU-06: NCUA to Begin Phase 2 of Resuming Onsite Operations
April 2022

Based on new guidance from the Centers for Disease Control and Prevention (CDC) and the Safer Federal Workforce Task Force, the NCUA will enter the second phase (Phase 2) of resuming its onsite operations on April 11, 2022.

Phase 2 permits NCUA staff to volunteer to work onsite, including conducting examination and supervision work at credit unions located in counties with low or moderate COVID-19 community levels, as defined by the CDC. Onsite work in counties with high COVID-19 community levels may be allowed when necessary and with prior approval from NCUA management.

During Phase 2, the agency will continue to conduct examination steps offsite when feasible and appropriate. NCUA staff working onsite in credit unions will generally be expected to follow credit union policies related to safety, to the extent they exceed the NCUA’s safety protocols for Phase 2. Also, the NCUA will continue to maintain heightened safeguards in the agency’s facilities to ensure the health and safety of staff and visitors. The agency will continue to monitor the course of the pandemic closely and adjust workforce safety plans, as necessary.

 

Letter to Credit Unions 22-FCU-02: Final Rule on Definition of Service Facility
March 2022

The final rule amending the definition of “service facility” for multiple common-bond FCUs became effective December 27, 2021. The final rule provides that shared locations are service facilities for purposes of multiple common-bond FCU additions of groups and/or underserved areas, regardless of whether the FCU has an ownership interest in the shared branching network providing the locations. Qualifying shared locations include electronic facilities offering required services such as video teller machines.

The final rule only changes the ownership requirement related to shared locations. All other requirements related to service facilities, eligibility of groups, and the qualifications of underserved areas remain unchanged.

The letter outlines requirements for multiple common-bond FCUs looking to add occupational or associational groups, or an underserved area. NCUA emphasizes that the process for establishing an area qualifying as an underserved area remains the same. The agency also notes that it will remove an underserved area from an FCU’s field of membership and reserves the right to take other supervisory action if it determines that an FCU has not maintained a service facility in the underserved area.

Finally, multiple common-bond FCUs expanding around a shared facility must continue to comply with all applicable consumer financial protection and anti-discrimination laws.

NCUA Risk Alert: 22-RISK-01 Heightened Risk of Social Engineering and Phishing Attack

March 2022

The on-going conflict in Ukraine has raised concerns about potential cyberattacks in the U.S., including those against the financial services sector. All credit unions and vendors, regardless of size, are potential targets for cyberattacks, like social engineering and phishing attacks, and must remain vigilant. Credit unions should report any cyber incidents to the NCUA, your local FBI field office or the Internet Crime Complaint Center, and the Cybersecurity and Infrastructure Security Agency (CISA).

Phishing is a technique that uses email or malicious websites to solicit personal information or to get victims to download malicious software by posing as a trustworthy entity. Another variant of phishing, known as smishing, uses SMS or other text messaging applications to get victims to click on malicious links to achieve similar goals to email phishing. NCUA’s Risk Alert outlines common indicators to watch out for along with tips to avoid being a victim of phishing.

The NCUA encourages credit unions to review CISA’s Shields-Up website, which provides information about cybersecurity threats, including several resources and mitigation strategies. The NCUA recently created the Automated Cybersecurity Evaluation Toolbox or ACET, a free tool for federally insured credit unions to use when evaluating their levels of cybersecurity preparedness. The ACET is a downloadable, standalone app developed to be a holistic cybersecurity resource for credit unions.

Additional cybersecurity resources are also available at www.ncua.gov/cybersecurity.

CFPB-2022-0002: Notice and Request for Comment Regarding CFPB’s Inquiry into Buy-Now-Pay-Later (BNPL) Providers

In December 2021, the Consumer Financial Protection Bureau (CFPB) opened market monitoring orders, inquiring into Buy-Now-Pay-Later (BNPL) products in the United States to gain information about the size, scope and business practices of the BNPL market.  The information will help the Bureau better understand how consumers interact with BNPL providers and how BNPL business models impact the broader e-commerce and consumer credit marketplaces.

Comments are due on March 25, 2022.  The notice and request for comments can be found here.

Summary

The Bureau’s market monitoring orders required five providers of BNPL products in the US to provide information about their size, scope, and business practices.  The Bureau listed six areas of specific interest:

  • Business model and transaction metrics
  • Loan performance metrics
  • Consumer protections
  • User contacts and demographics
  • Data harvesting
  • Data monetization

The Bureau invites all interested parties to submit comments to inform the agency’s inquiry.  In addition, the Bureau encourages comments re: particular aspects of BNPL products such as:

  • The consumer experience with BNPL products
  • The benefits/risks from BNPL products to consumers
  • The merchant experience with BNPL products
  • Regulator/Attorneys General perspectives on BNPL products
  • Ways the BNPL market can be improved
Letter to Credit Unions 22-CU-02 NCUA’s 2022 Supervisory Priorities
January 2022

NCUA’s Letter to Credit Unions (LTCU) 22-CU-02 identifies the agency’s supervisory priorities for 2022, which include:

Credit Risk Management

NCUA examiners will continue to review credit unions’ credit risk-management and mitigation efforts with the expectation that credit unions’ risk management practices will be commensurate with the level of complexity and nature of their lending activities. An area of emphasis for NCUA will be credit unions’ controls, reporting, and tracking of programs to help distressed borrowers.

For more information, see the Joint Statement on Additional Loan Accommodations Related to COVID-19, NCUA Letter to Credit Unions, 20-CU-13, Working with Borrowers Affected by the COVID- 19 Pandemic; and The Lending Programs section on the NCUA’s FAQs.

Information Security (Cybersecurity)

NCUA will continue to develop and pilot information security examination procedures tailored to credit unions of various sizes and complexity. NCUA’s goal is to have these procedures finalized this year. In 2021, NCUA released the ACET application, allowing credit unions of all sizes to conduct voluntary maturity assessments that align with the FFIEC cyber assessment tool (the CAT). More information on cybersecurity is available on NCUA’s Cybersecurity Resources webpage.

Payment Systems

Citing the growing complexity Payment products, services, and operations is a growing area of complexity and risk for credit unions and consumers. As the retail payments landscape increasingly shifts and grows to meet consumer demand for easier and faster electronic access to and settlement of funds, the corresponding risk to credit unions and their members also increases. Today’s environment of easy and fast electronic processing of transactions relies on technology, the applications and their controls, and the underlying security of the platforms facilitating the transactions. The changes in payment systems increase the risk of fraud, illicit use, and breaches of data security. The NCUA will include an increased focus in this area.

Bank Secrecy Act Compliance and Anti-Money Laundering/Countering the Financing of Terrorism

BSA/AML/CFT reviews are included in every NCUA exam scoping. As a result of the Anti-Money Laundering Act of 2020 (AML Act) and the Corporate Transparency Act (CTA), there will be several new requirements for credit unions to update their risk-based BSA/AML/CFT policies, procedures, and processes throughout 2022.

Capital Adequacy and Risk-Based Capital Rule Implementation

NCUA examiners will continue to evaluate credit unions’ responses to the pandemic and credit unions pandemic relief efforts’ efforts on their capital position and financial stability. In addition, NCUA notes that complex credit unions ($500m+ assets as of most recent 5300 report) are now subject to the final risk-based capital rule.

NCUA examiners will review the accuracy of complex credit unions’ reporting for the new data elements required in the risk-based capital schedule of the March 31, 2022, Call Report.

Loan Loss Reserving

For loan loss reserving, credit unions are required to implement the Financial Accounting Standards Board’s Accounting Standards Update No. 2016-13, Topic 326 (CECL) by January 1, 2023. Credit unions that have yet to adopt CECL will follow FASB Accounting Standards Codification (ASC) Subtopic 450-20 (loss contingencies) and/or ASC 310-10 (loan impairment). NCUA examiners will discuss a credit union’s plans for implementation of CECL (if applicable).

While FCUs with less than $10 million in assets are not required to follow generally accepted accounting principles (GAAP) nor adopt CECL, they must have a reasonable reserve methodology that adequately covers known and probable loan losses.

FISCUs with less than $10m in assets follow state law with respect to GAAP compliance and subsequently CECL implementation.

When evaluating a credit union’s ALLL, NCUA examiners will review:

  • The credit union’s ALLL policies and procedures;
  • The credit union’s documentation of its ALLL reserving methodology, including modeling assumptions and qualitative factor adjustments;
  • The credit union’s adherence to GAAP (if applicable); and
  • The independent review of credit union reserving methodology and documentation practices by its internal committee (Supervisory or Audit Committee or like committee) or external auditor.

For more information, see Interagency Statement on Loan Modifications and Reporting for Financial Institutions Working with Customers Affected by the Coronavirus (Revised). CECL resources include:

Consumer Financial Protection

For FCUs, NCUA will continue to examine for compliance with applicable consumer financial protection laws and regulations with a focus on:

  • COVID-19 pandemic
  • Fair lending
  • Servicemembers Civil Relief Act
  • Fair Credit Reporting Act
  • Overdraft programs

Loan Participations

NCUA examiners will verify that credit unions have evaluated the risk in loan participation transactions and evaluate how that risk fits within the tolerance levels established by the credit union’s board. NCUA reminds credit unions:

  • At a transactional level, each loan participation must have separate and distinct records for individual payments, including principal, interest, fees, escrows, and other information relating to individual loans.
  • While remittances to the credit union may come in a single payment, credit unions must reconcile this information to the servicer’s records and follow prudent third-party due diligence practices when purchasing loan participations.

Fraud

Noting that the offsite posture of many credit unions throughout the pandemic has increased the potential for fraud, NCUA examiners will review credit union efforts to deter and detect fraud, including internal controls, separation of duties, and transaction testing.

LIBOR Transition

NCUA will be focusing on credit unions with significant LIBOR exposure or inadequate fallback language. NCUA’s Letter to Credit Unions, 21-CU-03, LIBOR Transition and Supervisory Letter, 21-01, Evaluating LIBOR Transition Plans, provide the supervisory framework NCUA examiners will continue to use to evaluate a credit union’s risk management processes and planning related to the end of LIBOR. Credit unions can continue using NCUA’s LIBOR Assessment Workbook for assistance and refer to the July 2020 and the October 2021 releases for additional guidance.

Interest Rate Risk

NCUA will be focusing on IRR and implementing the CAMELS system in 2022 (24 states already use CAMELS). To review NCUA’s Examiner’s Guide chapter on IRR, see here. NCUA will begin using the “S” rating for examinations starting on or after April 1, 2022. The evaluation of the “S” component reflects the credit union’s exposure to changes in its earnings and capital position arising from changes in market prices and interest rates. In evaluating the “L” component to determine the adequacy of a credit union’s liquidity profile, NCUA examiners will consider the current and prospective sources of liquidity compared to funding needs.

Exam Program Updates:

NCUA also provided updates on several agency initiatives related to NCUA’s exam program:

NCUA Connect & MERIT

In 2021, the NCUA trained all NCUA and state regulator users on its new examination platform, the Modern Examination and Risk Identification Tool (MERIT) and associated systems. Additional information about these modernized tools can be found on the NCUA’s website.

Recording of Official Meetings

NCUA issued notice to FCUs that per its Examiner’s Guide, FCUs FCUs may record their exit meetings with NCUA examiner’s permission (which should generally be given).

CFPB 2022-0003: Request for Information Regarding Fees Imposed by Providers of Consumer Financial Products/Services

The Consumer Financial Protection Bureau (CFPB) is seeking comments from the public related to fees that are not subject to competitive processes that ensure fair pricing.  The submissions to this request for information will serve to assist the CFPB and policymakers in exercising its enforcement, supervision, regulatory and other authorities to create fairer, more transparent and competitive consumer financial markets.

Comments are due by March 31, 2022.  You can access the RFI here.

Summary

The CFPB is concerned that “exploitative junk fees” charged by banks and non-bank financial institutions have become widespread, with the potential effect of shielding substantial portions of the true price of consumer financial products/services from competition.  The Bureau is seeking information from the how such fees have impacted their lives.  The Bureau is particularly interested in hearing from individuals (including older consumers, students, servicemembers, consumers of color and lower-income consumers), social services organizations, consumer rights and advocacy organizations, legal aid attorneys, academics/researchers, small businesses, financial institutions and state/local government officials.

The Bureau has posed specific questions below.  However, the Bureau is interested in receiving any comments related to fees in consumer finance.

  • If you are a consumer, please tell us about your experiences with fees associated with your bank, credit union, prepaid or credit card account, mortgage, loan or payment transfers including:
    • Fees for things you believed were covered by the baseline price of a product/service
    • Unexpected fees for a product or service
    • Fees that seemed too high for the purported service
    • Fees where it was unclear why they were charged
  • What types of fees for financial products/services obscure the true costs of the product/service by not being built into the upfront price?
  • What fees exceed the cost to the entity that the fee purports to cover? For example, is the amount charged for NSF fees necessary to cover the cost of processing a returned check and associated losses to the depository institution?
  • What companies or markets are obtaining significant revenue from backend fees, or consumer costs that are not incorporated into the sticker price?
  • What obstacles, if any, are there to building fees into up-front prices consumers shop for? How might this vary based on the type of fee?
  • What data and evidence exist with respect to how consumers consider back-end fees, both inside and outside of financial services?
  • What data and evidence exist that suggest that consumer do, or do not, understand fee structures disclosed in fine print or boilerplate contracts?
  • What data and evidence exist that suggest consumers do or do not make decisions based on fees, even if well disclosed and understood?
  • What oversight and/or policy tools should the CFPB use to address the escalation of excessive fees or fees that shift revenue away from the front-end price?
LTCU: (22-CU-01): Submission for 2021 Voluntary Credit Union Diversity Self-Assessment Extended to January 31, 2022 
January 2022

NCUA’s LTCU was issued to extend the deadline for credit unions to submit the 2021 voluntary Credit Union Diversity Self-Assessment. Submissions for 2021 will now be accepted until January 31, 2022. After that date, the self-assessment portal will remain open, but submissions will become part of the 2022 data set.

This tool is designed to help credit unions evaluate and advance their diversity policies and practices. The voluntary self-assessment is not part of the examination process. Data collected via the assessment will not impact a credit union’s CAMELS rating or be used in the supervisory process.

The NCUA will use anonymized data from the self-assessment to report on progress and trends in credit union diversity-related activities. The agency will not publish any information identifying a particular credit union or individual without written approval.

LTCU: (21-CU-16) Relationships with Third Parties that Provide Services Related to Digital Assets

December 2021

NCUA’s LTCU was issued to provide clarity about the already existing authority of federally insured credit unions (FICUs) to establish relationships with third-party providers that offer digital asset services to the FICUs’ members, provided certain conditions are met. While the authority for federal credit unions (FCUs) to establish these relationships is described in the letter, the authority for federally insured, state-chartered credit unions (FISCUs) to establish these relationships will depend upon the laws and regulations of their states.

Authority

FCUs may continue to act as a finder to bring together their members and providers of third-party services, including services related to digital assets. Introducing members to third parties that may provide members with services related to digital assets is permissible as it: (1) is useful in carrying out an FCU’s business because it facilitates member services that allow an FCU to serve as their members’ primary financial institution; (2) is the logical outgrowth of an FCU’s business, including its role in serving as its members’ primary financial institution; and (3) involves risks similar in nature to those FCUs already assume in serving their members, including referring members to various third-party service providers of other non-deposit financial products and services.

Further Guidance and NCUA’s Examination of Federally Insured Credit Unions
FICUs must act in accordance with all applicable laws, including those designed to ensure safety and soundness; comply with consumer financial protection, investor protection, and anti-money laundering/terrorism finance laws; and protect cybersecurity. General guidelines include:

Due Diligence:  FICUs should take care to select an appropriate third-party service provider before entering into an arrangement that allows for the provision of digital asset services to the FICUs’ members.

Credit Union Policies, Procedures and Agreements:  The FICU’s written policies, procedures, and contracts should at least address the following:

  • The features of the program
  • A description of the responsibilities of the FICU and the third party
  • Indemnification by the third party
  • The roles of the FICU and the third party
  • The location of non-deposit sales
  • The use of disposition of FICU member information
  • Termination of the contract
  • Ongoing compliance with the requirements of all applicable law

Advertising and Conduct in Third-Party Arrangements:  When selling, advertising, or otherwise marketing uninsured digital assets to members, members should be informed that the products offered:

  • Are not federal insured
  • Are not obligations of the FICU
  • Are not guaranteed by the FICU
  • Are or may be heavily speculative and volatile
  • May have associated fees
  • May not allow member recourse
  • Are being offered by a third party

These disclosures should be made in writing and in a location and type size that are clear and conspicuous to the member. Oral disclosures should also be made as part of any oral presentation or customer support. In addition, to avoid confusion, third parties should not offer products with a product name that is intentionally similar to a FICU’s name.

Supervisory Considerations

The NCUA recognizes third-party relationships may be valuable to FICUs in facilitating member access to the new and emerging digital asset services currently evolving within the marketplace. However, FICUs are responsible for safeguarding member assets and ensuring sound operations irrespective of whether delivery of services is accomplished internally or through a third-party relationship. Accordingly, when assigning supervisory risk and CAMELS ratings as part of the supervisory process, examiners will evaluate the rigor with which FICUs execute compliance and risk oversight of third-party relationships established to deliver member access to digital asset services.