Office of Comptroller of Currency: Interpretive Letter 1183

Office of Comptroller of Currency:  Interpretive Letter 1183

NASCUS Legislative and Regulatory Affairs
March 10, 2025

On Friday, March 7, 2025, the Office of the Comptroller of Currency (OCC) published Interpretive Letter 1183. At the same time the OCC issued this letter, it also withdrew its participation in the joint statement on crypto-asset risk to banking organizations and the joint statement on liquidity risks to banking organizations resulting from crypto-asset market vulnerabilities.

These previous joint statements highlighted numerous key risks associated with crypto-assets, including fraud and scams, misleading representations by crypto companies, volatility in the crypto-asset market, and risk management and governance practices.

The Interpretive Letter rescinds a Biden-era requirement, Interpretive Letter 1179, that a national bank must obtain supervisory non-objection from the OCC before engaging in certain cryptocurrency-related activities.

This latest letter also reaffirms that the crypto-asset custody, distributed ledger, and stablecoin activities discussed in prior letters are permissible. These letters are:

• OCC Interpretive Letter 1170: Banks providing crypto-asset custody services;
• OCC Interpretive Letter 1172: Banks holding dollar deposits serving as reserves backing stablecoins in certain circumstances; and
• OCC Interpretive Letter 1174: Banks 1) acting as nodes on an independent node verification network (distributed ledger) to verify customer payments and 2) engaging in certain stablecoin activities to facilitate payment transactions on a distributed ledger.

The letter further states that national banks must conduct all “crypto-asset activities” in a “safe, sound, and fair manner and in compliance with applicable law,” further indicating that these activities should be built and implemented with sound risk management practices while aligning with overall business strategies.

The Federal Reserve Board (FRB) and Federal Deposit Insurance Corporation (FDIC) have yet to issue information on this change in stance. The NCUA was not part of the joint statements and separately issued LTCU 21-CU-16 Relationships with Third Parties that Provide Services Related to Digital Assets and LTCU 22-CU-07 Federally Insured Credit Union Use of Distributed Ledger Technologies.  The NCUA also has a Financial Technology and Digitals Assets Resource Page.

NASCUS will continue to monitor changes across the agencies.

Financial Crimes Enforcement Network
FIN-2025-CTA1: Beneficial Ownership Information Reporting Deadline Extension

NASCUS Legislative and Regulatory Affairs Department
February 20, 2025

On February 18, 2025, the U.S. District Court for the Eastern District of Texas ruled the reporting requirements under the Corporate Transparency Act (CTA) are back in effect, with the reporting deadline extended to March 21, 2025.

FinCEN issued a notice outlining the updated deadlines as well as signaling the Agency’s commitment to reducing regulatory burden on businesses. During the 30-day extension FinCEN will assess its options to further modify deadlines while “prioritizing reporting for those entities that pose the most significant national security risks.”

FinCEN also intends to initiate a process in 2025 to revise the BOI reporting rule to reduce burden for lower-risk entities, including many U.S. small businesses.

Updated Deadlines

• The new deadline to file an initial, updated, and/or corrected BOI report is now March 21, 2025.
• Reporting companies that were previously given a reporting deadline later than March 21, 2025, must file their initial BOI report by that later deadline.
• As indicated in the alert titled “Notice Regarding National Small Business United v. Yellen, No. 5:22-cv-01448 (N.D. Ala.)”, Plaintiffs in National Small Business United v. Yellen, No. 5:22-cv01448 (N.D. Ala.)—namely, Isaac Winkles, reporting companies for which Isaac Winkles is the beneficial owner or applicant, the National Small Business Association, and members of the National Small Business Association (as of March 1, 2024)—are not currently required to report their beneficial ownership information to FinCEN at this time.

The notice also reminds reporting companies they can report their BOI information directly to FinCEN at https://boiefiling.fincen.gov.

NCUA Letter to Credit Unions 25-CU-03: Exam Scheduling Policy Changes

NASCUS Legislative and Regulatory Affairs | February 13, 2025

On February 11, 2025, the NCUA issued LTCU 25-CU-03. During the December meeting, the NCUA Board approved changes to the agency’s examination scheduling policy for federally insured credit unions (FICUs). The scheduling changes were briefly discussed in LTCU 25-CU-01, Supervisory Priorities.

The changes to the examination schedule took effect on January 1, 2025. The following changes apply to certain FICUs, however, this schedule may fluctuate until the examination program is fully adjusted to the changes.

The letter also notes that the NCUA will coordinate with state regulators and will conduct examinations of FISCUs jointly.

[kp_table]

Criteria	Time from Last Exam Completion Date to Next Exam Start Date
FICUs with any of the following characteristics: • CAMELS composite or Management component rating of 3,4, or 5 • Less than well-capitalized • Recordkeeping DOR item • Outstanding enforcement action • New credit union • Assets greater than or equal to $10b	8 months to less than 12 months
FICUs with assets greater than $1b and less than $10b, and: • A CAMELS composite or ANY component rating of 3,4, or 5; or • A change in CEO since the last exam	8 months to less than 12 months
FICUs with assets greater than $1b and less than $10b, and: • A CAMELS composite and all component ratings of 1 or 2; and • No change in CEO since the last exam	12 months to less than 16 months
FCUs not included in Sections 1, 2, or 3 above.	14 months to less than 18 months
FISCUs not included in Sections 1, 2, or 3 above.	Once every 5 years

[/kp_table]

For additional information on examination scheduling, credit unions are encouraged to visit the NCUA’s Exam Flexibility Initiative Website.

National Credit Union Administration: 2025 Annual Performance Plan

NASCUS Legislative and Regulatory Affairs
February 3, 2025

On the NCUA’s January Board Meeting agenda was the approval of the 2025 Annual Performance Plan.

The Annual Performance Plan (plan), in conjunction with the agency’s budget, outlines the resources and strategies the NCUA will use to set priorities and manage performance. The NCUA models the plan on the 2022-2026 Strategic Plan with three strategic goals. The goals are substantially similar to the 2024 Plan.  The strategic goals and objectives include key performance indicators.

1. Ensure a safe, sound, and viable system of cooperative credit that protects consumers.
2. Improve the financial well-being of individuals and communities through access to affordable and equitable financial products and services.
3. Maximize organizational performance to enable mission success.

---

Strategic Goals

Strategic Goal 1: Ensure a safe, sound, and viable system of cooperative credit that protects consumers. This first strategic goal includes five strategic objectives with performance goals.

• Strategic Objective 1.1: Maintain a financially sound Share Insurance Fund through the following strategies:
  • Continue to make prudent investment decisions for the SIF to ensure investment objectives are met and comply with the Board-approved investment policy.
  • Monitor emerging challenges and risk potentially impacting the credit union system and the SIF and take appropriate action if necessary.
  • Resolve safety and soundness concerns through prompt and effective supervisory and resolution actions, as needed.
  • Identify merger or P&A partners for credit union failures, to provide continued service to credit union members, increase efficiency, and reduce costs.
  • Determine ways to strengthen the management and operations of the SIF, including reassessing the normal operating level (NOL) methodology.
  • Manage and recover assets in credit union liquidations to minimize failure costs and expenses to the SIF, credit union member-owners, and creditors.
• Strategic Objective 1.2: Provide effective and efficient supervision. The plan details several strategies and initiatives to accomplish this objective that include:

• • Calibrating examination and supervisory priorities based on an ongoing evaluation of risks to the system.
  • Allocating resources to areas posing the greatest risk, including compliance with consumer protection laws and regulations.
  • Scheduling and completing examinations and supervisory contacts in accordance with Agency policy, particularly timely supervision of CAMELS 3, 4, and 5 rated credit unions.
  • Taking prompt and effective supervisory and resolution actions as needed.
  • Working closely with state regulators to ensure necessary action and effective supervision of FISCUs while minimizing burden on FISCUs.
  • Strengthening and maturing analytic capabilities, including investing in information technology and modeling and risk-identification tools.

• Strategic Objective 1.3: Ensure compliance with, and enforcement of, federal consumer financial protection laws and regulations at credit unions. The plan indicates the agency will meet this objective through the following strategies:

• • Perform fair lending examinations and supervision contacts for all types of lending products and refer fair lending violations to the DOJ. The target goal is completion of 60 fair lending examinations in 2025.
  • Provide timely guidance to the credit union system and examiners regarding regulatory changes to consumer compliance regulations.
  • Monitor consumer complaints and fair lending examination and offsite supervision contact results to guide consumer compliance program development.
  • Collect and make public data on overdraft and NSF fee revenue earned by federally insured credit unions with assets greater than $1billion.
  • Collaborate with other federal regulatory agencies to protect consumers who use credit union products and services.
  • Continue to provide efficient consumer complaint management process in the Consumer Assistance Center.
• Strategic Objective 1.4: Ensure NCUA-Insured credit unions can appropriately manage emerging opportunities and risks, including cybersecurity and climate-related financial risk. The plan states the agency will manage risk and opportunities by:
  • Providing staff training on a timely basis.
  • Providing examiners with timely reports to identify trends in key risk areas.
  • Enhance and continue examiner training related to information security and cyber risks.
  • Provide guidance and other information to the industry on regulatory and supervisory matters, trends affecting FICUs, and potential risks and threats.
  • Hire a climate-related financial risk officer to develop tools to support credit unions and implement training for examiners to assess the risk related to energy-efficient product loans.

• Strategic Objective 1.5: Ensure NCUA policies and regulations appropriately address emerging and innovative financial technologies, including digital assets. The plan states the agency will ensure NCUA’s policies, regulations, and guidance appropriately address emerging and innovative FinTech through the following strategies by:
  • Continuing to study emerging financial technology, including AI, DLT, and digital assets, to determine regulatory and policy needs for the credit union system.
  • Facilitating discussions between credit unions and FinTechs.
  • Engaging with the credit union industry and FinTech providers through webinars, office hours, and other outreach.
  • Working with credit unions to implement and use technology solutions so they can operate more efficiently and expand access to affordable and equitable financial services.

---

Strategic Goal 2: Improve the financial well-being of individuals and communities through access to affordable and equitable financial products and services.

The second strategic goal includes two strategic objectives.

• Strategic Objective 2.1: Enhance consumer access to affordable, fair, and federally insured financial products and services. The plan states the NCUA will accomplish this objective by:
  • Promoting NCUA programs that assist credit unions with providing access to safe and affordable financial services.
  • Focusing on meeting the needs of underserved communities through financial education and access to safe and affordable financial services.
  • Promoting the value of diversity and inclusive financial services in credit unions; and
  • Actively participating in FFIEC working groups and Financial Literacy and Education Committee meetings.
• Strategic Objective 2.2: Support and foster small, minority, low-income, and new credit unions. The plan indicates the agency will continue to develop initiatives to foster new credit unions, credit unions serving those of modest means, and MDI designated credit unions. The plan also notes the NCUA will continue to evaluate ways to further improve the chartering process for new credit unions. The plan provides several strategies and initiatives to achieve this objective including but not limited to:
  • Encouraging greater use of the CDRLF and the Treasury’s CDFI certification to bolster services to low-income members.
  • Providing resources to assist small credit unions and MDI designated credit unions.
  • Collaborating with the CDFI Fund to increase awareness among credit unions of the benefits available from the CDFI Fund’s programs.
  • Structure the CDRLF grant initiatives to maximize the impact on low-income communities and sustain the availability of access to financial services through education and training for credit union staff, managers, and officials, which would include succession planning for long-term viability of credit unions
  • Promote the growth of existing and encourage the identification of new MDI credit unions through the NCUA’s MDI preservation program.

---

Strategic Goal 3: Maximize organizational performance to enable mission success. This goal focuses on the NCUA as an organization and includes three strategic objectives.

• Strategic Objective 3.1: Attract, develop, and retain an engaged, high-performing, diverse workforce within an inclusive, professional environment. The plan states the agency will implement several different strategies to attract and retain a skilled and diverse workforce. Some of these strategies include:
  • Strengthening the agency’s human capital data analytics, statistical modeling, and forecasting capabilities to improve long-range planning efforts.
  • Addressing and eliminate barriers to equal employment opportunity where low participation exists.
  • Developing a culture of continuous learning for employees.
  • Maintaining investment in programs that promote employee retention and inclusion, such as leadership development programs.
  • Targeting diverse communities through awareness campaigns as part of employee recruitment.

• Strategic Objective 3.2: Deliver improved business process supported by secure, innovative, and reliable technology solutions and data. The plan states that the NCUA will be planning for new and improved approaches for processes, data analysis, and supervision through the use of technology. In order to accomplish this objective the agency will:
  • Maintain strong information technology systems.
  • Ensure the NCUA has an appropriate disaster response plan and communication strategies.
  • Enhance the oversight of information technology investments through scheduled reviews.
  • Continue initiatives that harness new and emerging data, advance analytical techniques, and improve off-site supervisory approaches.
  • Ensure NCUA-produced digital content and applications are consistent, moder, and user/mobile-friendly.

• Strategic Objective 3.3: Ensure sound organizational governance. This final strategic objective addresses organizational governance at the agency through management of its resources and ensuring the agency complies with applicable laws, policies, and standards. This objective will be achieved through several practices including but not limited to:
  • Maintaining sound business processes that promote efficiency in operations and supports accountability and decision-making
  • Leveraging tools, processes, and resources for increasing opportunities to minority and women-owned businesses in the NCUA competitive procurement process.
  • Continuing to mature the agency’s ERM program and promote a risk-aware culture to ensure cost-effective decision making and risk management within the NCUA.

---

The plan also addresses the agency’s major programs:

• Supervision of credit unions with seven key areas of focus:
  • Interest rate risk;
  • Liquidity risk;
  • Credit risk, including asset concentration risk;
  • Reputation risk;
  • Transaction risk;
  • Compliance risk, including compliance with consumer protection and anti-money laundering laws and regulations; and
  • Strategic risk, including operational risks such as cybersecurity and fraud.
• Consumer Financial Protection by emphasizing a compliance approach to ensure credit unions are provided with clear guidelines to ensure they comply with applicable laws and regulations, including consumer financial protection and fair lending laws.
• Insurance through management of the NCUSIF.
• Asset Management through AMAC, with the purpose of minimizing credit union failure costs to the NCUSIF, credit union member-owners, and other stakeholders.
• Credit Union Development through chartering and FOM services, training, and resource assistance to further credit union development for small, minority, newly chartered, and low-income designated credit unions.
• Advancing Access to Safe, Fair, and Affordable Financial Services by assisting credit unions with outreach strategies through education, grant identification, and other financial sources.

NASCUS Summary re: CFPB Request for Information Regarding Consumer Credit Card Market

January 2025 | Docket No. CFPB 2025 0004

The Consumer Financial Protection Bureau (CFPB) issued a Request for information (RFI) soliciting information from the public on a number of aspects of the consumer credit card market.

Comments must be received by April 17, 2025.  The Request for Information can be found here.

---

Summary

The Credit Card Accountability Responsibility and Disclosure Act of 2009 (CARD Act) requires the CFPB to conduct a review of the consumer credit card market.  In connection with this review process, the CFPB seeks information from members of the public about the following:

• How the credit card market is functioning
• The experiences of consumers and credit card issuers in the credit card market
• The overall health of the credit card market
• The information that consumers, credit card issuers, industry analysts, consumer groups and other interested persons believe is most relevant to the CFPB’s review of the credit card market.

In addition, while commenters are free to comment generally, the CFPB has posed a number of questions concerning the following topic areas:

• The terms of credit card agreements and practices of credit card issuers
• The effectiveness of disclosure of terms, fees, and other expenses of credit card plans
• The adequacy of protections against unfair or deceptive acts or practices relating to credit card plans
• The cost and availability of consumer credit cards
• The safety and soundness of credit card issuers
• The use of risk-based pricing for consumer credit cards
• Consumer credit card product innovation

NASCUS Summary on the CFPB Proposed Interpretive Rule/Request for Comment on EFTs Through Accounts Established for Personal, Family or Household Purposes Using Emerging Payment Mechanisms

January 2025 | 12 CFR Part 1005

The Consumer Financial Protection Bureau (CFPB) is proposing this interpretive rule to assist companies, investors, and other market participants evaluating existing statutory and regulatory requirements governing electronic fund transfers (EFTs).

Comments must be received by March 31, 2025.  The proposed interpretive rule can be found here.

---

Summary

The Electronic Fund Transfer Act (EFTA) provides rights to consumers to dispute errors and limit their liability for unauthorized electronic fund transfers. The EFTA and Regulation E apply to an electronic fund transfer (EFT) that authorizes a “financial institution” to debit or credit a consumer’s account.

The term “electronic fund transfer” generally means any transfer of “funds” that is initiated through an electronic terminal, telephone, computer or magnetic tape for the purpose of ordering, instructing, or authorizing a financial institution to debit or credit a consumer’s account.

The CFPB interprets the term “funds” to include assets that act or are used like money and could include stablecoins, as well as any other similarly situated fungible assets that either operate as a medium of exchange or as a means of paying for goods or services.  The Bureau notes that the adoption of new technologies raises questions about the rights/liabilities of consumers who use the EFT services and the responsibilities of financial institutions that offer them.

The proposed interpretive rule notes that market participants that are offering new types of payment mechanisms to facilitate electronic fund transfers should determine whether their accounts are subject to the EFTA and Regulation E.  If so, participants are required to provide certain consumer protections such as:

• Error resolution
• Limiting a consumer’s liability for unauthorized EFTs
• Provision of initial and ongoing disclosures
• Provision of periodic statements and change in term notices

Comment Request

The CFPB is soliciting comments on the proposal generally and may make revisions when issuing the final interpretative rule based on the feedback received.

Final Rule Summary
NCUA: Minority Depository Institution Preservation Program 

NASCUS Legislative and Regulatory Affairs Department
February 29, 2024

The NCUA Board issued final revisions to Interpretive Ruling and Policy Statement (IRPS) 13-1, regarding the Minority Depository Institution (MDI) Preservation Program. IRPS 13-1 was initially proposed in 2013 and finalized in 2015 establishing the MDI Preservation Program to encourage the preservation of existing MDIs and establish new MDIs.

In June 2023, the Board invited comment on proposed revisions to IRPS 13-1. The proposed revisions included:

• Transferring the administration of MDIs to CURE to reflect the agency’s current structure;
• Clarifying the meaning of “community it services,” means a credit union’s field of membership;
• Adding a reference to agency guidance to examiners regarding supervision of MDIs
• Clarifying the process for reviewing an MDI’s designation status; and
• Adding new subsection headings and expanding the discussion of agency actions and policies in MDI engagement, technical assistance for MDIs, examinations of MDIs, grants and loans, and training.

The revisions were adopted as proposed and are effective March 27, 2024.

---

Summary

The final IRPS 13-1 consists of four categories with subcategories reflecting the proposed revisions. The categories consist of:

1. Goals and Objectives of the Minority Depository Institution Preservation Program.
   • Preserve the number of MDIs;
   • Preserve the minority character of MDIs involved in mergers and acquisitions;
   • Provide technical assistance to prevent insolvency of MDIs that are not now insolvent;
   • Promote and encourage the creation of new MDIs; and
   • Provide training, technical assistance, and educational programs for MDIs.
2. Description of the Minority Depository Institution Preservation Program
   • The MDI Program is administered by NCUA’s CURE office. NCUA will meet periodically with state regulators, other federal regulators, and stakeholders to discuss outreach efforts and identify areas to work together to assist MDIs.
   • NCUA initiatives to assist MDIs;
     • Consulting and support programs
     • Training and education;
     • Grants and loans through the NCUA’s Community Development Revolving Loan Fund (CDRLF)
     • Technical assistance
3. Minority Depository Institution Designation Eligibility
   • A majority of the credit union’s current members are from any of the eligible minority groups;
   • A majority of the members of the credit union’s board of directors are from any of the eligible minority groups; and
   • A majority of the community the credit union serves, as designated in its field of membership, are from any eligible minority groups.
4. Monitoring and Reporting on Minority Depository Institutions
   NCUA will monitor MDIs and report to Congress annually:
   • The number and overall financial condition of MDIs;
   • Any actions taken by the agency to preserve and strengthen MDIs and encourage the chartering of new MDIs;
   • A summary of the NCUA’s efforts to obtain feedback from MDIs on the effectiveness of the agency’s MDI support and preservation activities; and
   • A list of MDIs on its website.

NCUA Research Note on Overdraft, NSF Fees at Credit Unions
NASCUS Legislative & Regulatory Affairs Committee

(January 16, 2025) The National Credit Union Administration (NCUA), Office of the Chief Economist (OCE), released a Research Note that provides statistics on overdrafts and NSF fees and observations on their relationship with other revenues.

In Q1 2024, the NCUA began collecting information on year-to-date overdraft (OD) and non-sufficient funds (NSF) fee revenue. This data collection was recently discussed in LTCU 24-CU-03, Consumer Harm Stemming from Certain Overdraft and Non-Sufficient Funds Fee Practices.

The Research Note analyzes statistics for OD and NSF fee revenues as a fraction of total revenues. The analysis utilized data from the first three quarters of 2024, dividing credit unions into categories based on the share of their revenue derived from these two sources.

The Research Note provides two observations on the relationship between OD and NSF fees versus that of other revenue sources:

• Credit unions with higher combined OD and NSF fees per member do not seem to have lower fees per member for other services.
  • Analysis provided in the Research Note indicates there was little evidence of an inverse relationship between these fees and fees for other services.
• Credit unions with higher combined OD and NSF fee revenues do not seem to be using those fees to “subsidize” better interest rates.
  • Analysis comparing OD and NSF fees to net interest margins for FCUs and FISCUs indicates that higher combined OD and NSF fees are associated with higher net interest margins.

The Research Note provides several graphs detailing the analysis and concludes by stating that the OCE plans to continue its analysis of evolving trends in this space as more data becomes available with notable observations made available in future Research Notes.

NASCUS Summary of CFPB Request for Information Regarding the Collection, Use, and Monetization of Consumer Payment and Other Personal Financial Data

January 15, 2025

Docket No. CFPB-2025-0005

The Consumer Financial Protection Bureau (CFPB) is seeking comments from the public to better understand how companies that offer or provide consumer financial products or services collect, use , share, and protect consumers’ personal financial data.

Comments in response to the Request for Information (RFI) must be received by April 11, 2025.  The RFI can be found here.

---

Summary

• The CFPB has studied how consumer financial data is being used and has observed that business practices have deviated significantly from consumer expectations regarding use of their personal data. The Bureau does not believe that consumers appreciate all of the ways that financial companies are collecting their data or how it can be sold.
• The CFPB issued this Request for Information (RFI) seeking comments from the public on how companies that offer or provide consumer financial products or services collect, use, process, transmit, share, store, aggregate, sell or otherwise generate insights from or act upon consumer data.
• The Bureau is particularly interested in hearing from individuals, social services organizations, consumer rights/advocacy organizations, legal aid attorneys, academics and researchers, small businesses, financial institutions, and State/local government officials.
• The Bureau welcomes stakeholders to submit data and information about the ways companies that offer or provide consumer financial products or services collect, use, and share consumer data including those companies subject to the GLBA and Regulation P.
• The RFI includes 15 questions that stakeholders may answer. However, the Bureau is  interested in any comments received related to consumer data that financial companies collect.

NCUA Letter to Credit Unions 25-CU-02
Cyber Incident Notification Requirements Update to letter 23-CU-07

NASCUS Legislative and Regulatory Affairs
January 13, 2025

The NCUA issued its second letter to credit unions of 2025, LTCU 25-CU-02. The letter provides an update to LTCU 23-CU-07 Cyber Incident Notification Requirements.  NASCUS’ summary of the Cyber Incident Notification final rule can be found here and a summary of LTCU 23-CU-07 here.

LTCU 25-CU-02 includes two previous methods for reporting a cyber incident to the NCUA as well as a new secure web form for reporting:

• Via phone at 1-833-CYBERCU (1.833.292.3728) and leave a voicemail; or
• Via the NCUA Secure Email Message Center with a secure email to [email protected]
• Completion of the Cyber Incident Credit Union Reporting System online form.

The letter also reminds credit unions of the agency’s cybersecurity information and resources and provides an updated Cyber Incident Reporting Quick Reference Guide.

Letter to Credit Unions 25-CU-01: NCUA’s 2025 Supervisory Priorities

NASCUS Legislative and Regulatory Affairs
January 8, 2025

On January 7, 2025, the NCUA issued Letter to Credit Unions 25-CU-01 outlining the agency’s supervisory priorities and other updates to its examination program 2025. The priorities focus on the areas the NCUA believes pose the highest risk to credit union members, the industry, and the NCUSIF.

Supervisory Priorities for 2025

Credit Risk

Credit risk remains a top priority for 2025. NCUA notes loan growth slowed in 2024 while overall delinquencies and charge-offs increased. Credit cards and used auto loan portfolios are seeing the highest levels of delinquency and charge-off since the 2008 financial crisis. To address this the letter indicates examiners will continue to review credit union lending and risk-management practices. Specific focus will be on:

• Credit union’s underwriting standards.
• Collection programs.
• Allowance for Credit Loss reserves.
• Charge-off practices.
• Management and board reporting.
• Management of risk concentrations; and
• Third-party risk management practices

The NCUA encourages credit unions to work with borrowers facing financial difficulties and provides a list of resources and guidance to assist in managing credit risk.

Balance Sheet Management and Risk to Earnings and Net Worth

Due to the rise in interest rates over the last few years, credit union costs of funds increased faster than the returns on loans and investments, impacting net interest margins. NCUA will evaluate credit unions’ earnings and net worth risk-management framework by weighing the current and prospective sources of earnings and the composition of net worth relative to a credit union’s approved plans and thresholds. Examiners will also continue to consider liquidity sources. The letter also lists liquidity resources and guidance, earnings resources and guidance, and resources on net worth and capital adequacy.

 

Cybersecurity

Unsurprisingly, Cybersecurity remains a top priority, as cybercriminals and their attacks become more sophisticated. The NCUA indicates they will continue to use the information security examination procedures to assess credit union programs and will continue to support the voluntary use of the ACET tool.  The letter also encourages credit unions to visit the NCUA’s Cybersecurity Resources webpage.  Lastly, credit unions are reminded of their obligations under the Cyber Incident Notification requirements.

Consumer Financial Protection

NCUA has indicated they will continue to place significant emphasis on credit union compliance with consumer financial protection laws and regulations during examinations. It is noted that examiners will particularly focus on:

• Overdraft programs
• Fair Lending.
• Home Mortgage Disclosure Act (HMDA) and Regulation C.
• Military Lending Act; and
• Electronic Funds Transfer Act (EFTA) and Regulation E.

It is not surprising to see overdraft programs on the top of this list given NCUA’s recently issued LTCU 24-CU-03 in which the agency highlights risks associated with certain overdraft and NSF practices.

Other Updates

While not specifically addressed as supervisory priorities the letter addresses an update to its exam flexibility initiative in 2025, providing an extended exam cycle for credit unions with over $1 billion in assets. Credit unions in this asset range rated a CAMELS composite 1 or 2 with no change in the CEO since the last examination will now be eligible for a 12–16-month exam cycle. Additionally, the extended exam cycle for eligible federal credit unions will be shortened from 14-20 months to 14-18 months.

The NCUA indicates it will continue conducting the defined Small Credit Union Exam Program for most credit unions with assets of $50 million or less, and risk-focused examination procedures for all others. The letter also notes credit unions will need to remain aware of the Bank Secrecy Act/Anti-Money Laundering/Countering of Financing of Terrorism regulations and requirements.

Minority Depository Institution (MDI) Preservation Program

Finally, the letter states the agency recognizes the importance of MDIs and is committed to supporting the ongoing success of MDIs, including the need to support some MDIs more or differently. It further states that examinations will consider the “unique strategies and member needs of MDI credit unions.”

NASCUS Summary re: CFPB Circular 2024-07: Design, marketing and administration of credit card rewards programs

December 18, 2024

The Bureau issued CFPB Circular 2024-07 to answer the following question – Can credit card issuers violate the law if they or their awards partners devalue earned rewards or otherwise inhibit consumers from obtaining or redeeming promised rewards?

---

Response:

Yes.  Covered persons that offer, provide or operate credit card rewards programs (and their service providers) may violate the prohibition against unfair, deceptive or abusive acts or practices under a variety of circumstances.  The circular provides examples.

---

Analysis:

The Consumer Financial Protection Act (CFPA) prohibits any “covered person” or “service provider” from “committing or engaging in an unfair, deceptive, or abusive act or practice under Federal law in connection with the offering of a consumer financial product or service.”  An act or practice is unfair when (i) it causes or is likely to cause substantial injury to consumers that is not reasonably avoidable by consumers and (ii) such injury is not outweighed by countervailing benefits to consumers or to competition.  Substantial injury includes monetary harm, and may be based on likely rather than actual injury.  Under the CFPA, a representation, omission, or practice is deceptive if it is likely to mislead a reasonable consumer and is material.

The CFPB is issuing this circular to underscore that the CFPA’s prohibition on unfair or deceptive acts or practices applies to the design, marketing, and administration of credit card rewards programs.  Rewards program operators may violate this prohibition in a variety of circumstances regardless of whether they are taking actions consistent with rewards programs terms.  In particular, rewards program operators risk committing unfair or deceptive acts or practices when (i) rewards that consumers have already earned are devalued; (ii) consumers’ receipt of rewards is revoked, cancelled, or prevented based on buried or vague conditions; and (iii) rewards points are deducted without consumers receiving the corresponding benefit of the rewards.