U.S. Department of Treasury Summary: 2024 National Strategy for Combatting Terrorist and Other Illicit Financing

U.S. Department of Treasury Summary: 2024 National Strategy for Combatting Terrorist and Other Illicit Financing

NASCUS Legislative and Regulatory Affairs Department
May 23, 2024

With little fanfare, on May 16, 2024 the U.S. Department of Treasury issued its 2024 National Strategy for Combatting Terrorist and Other Illicit Financing. The document is 55 pages and according to Treasury’s press release, “addresses the key risks from the 2024 National Money Laundering, Terrorist Financing, and Proliferation Financing Risk Assessments.”

The document is extensive and discusses a lengthy list of topics. At a high level, it identifies four “priorities” and 15 “supporting actions” to support the four priorities. Each of the priorities and supporting actions is to support the goals of the U.S. Anti-Money Laundering/Countering Financial Terrorism regime.

The four priority recommendations according to the press release and report are:

1. 1Close legal and regulatory gaps in the U.S. AML/CFT framework that illicit actors exploit to anonymously access the U.S. financial system by operationalizing the beneficial ownership information registry for law enforcement, national security, and intelligence use; finalizing rules related to the residential real estate and investment adviser sectors; and assessing other sectors that may be vulnerable to illicit finance;
2. Promote a more effective and risk-focused U.S. AML/CFT regulatory and supervisory framework for financial institutions to make them more efficient and effective in preventing illicit finance by providing clear compliance guidance, sharing information appropriately, and ensuring adequate resourcing for supervisory and enforcement functions;
3. Enhance the operational effectiveness of law enforcement, other U.S. government agencies, and international partnerships in combating illicit finance so threat actors cannot find safe havens for their operations; and
4. Realize the benefits of responsible technological innovation in the United States by developing new payments technology, supporting the use of new mechanisms for private sector compliance, and utilizing automation and innovation to find novel ways to combat illicit finance.

The report also includes a graphic that details the primary goals, priorities, and supporting actions.

While these are laudable goals the report also leads one to question how Treasury will accomplish these goals as the document acknowledges the lack of government resources, particularly when it comes to monitoring non-bank financial institutions, which are becoming a much greater focal point.

Financial Crimes Enforcement Network: Financial Trend Analysis: Elder Financial Exploitation

NASCUS Legislative and Regulatory Affairs Department
May 15, 2024

FinCEN issued a Financial Trend Analysis focusing on patterns and trends identified in Bank Secrecy Act (BSA) data linked to Elder Financial Exploitation (EFE). In developing this analysis FinCEN examined BSA reports filed between June 15, 2022, and June 15, 2023, using the key term referenced in FinCEN’s June 2022 EFE Advisory or checking “elder financial exploitation” as a suspicious activity type. This amounted to 155,415 filings, indicating roughly $27 billion in EFE-related suspicious activity.

---

Summary

In this latest trend analysis, FinCEN identified two predominant categories of victimization across EFE-related BSA filings:

1. Elder scams where the victim does not know the perpetrator and;
2. Elder theft, where the victim knows the perpetrator.

The report also identified that banks filed 72% of all EFE-related BSA filings. Two banks reported 33 percent, or 50,670 BSA filings, of the filings in the dataset obtained.  Credit unions accounted for 8 percent of filings.

• Financial institutions filed more elder scam-related BSA filings than elder theft-related
• Account takeover was the most frequently cited EFE typology with the majority of elder scam-related filings also referenced account takeover activity.
• Adult children were identified as the most frequent elder theft-related perpetrators.
• Perpetrators in elder theft relied on mostly unsophisticated means to steal funds that minimized direct contact with financial institution employees.

In instances of elder theft, filers reported an average suspicious activity amount of $98,863 and a median amount of $23,762. For elder scams, filers reported an average suspicious activity amount of $129,483 and a median amount of $33,499.

The report notes the methods of elder theft varied, but generally relied on cash withdrawals, card transactions, online bill pay, and funds transfers. Furthermore, the analysis details that in elder scams, money was most commonly transmitted through checks and domestic wires.

FinCEN’s manual review of each filing indicated perpetrators used the following scams:

• Impersonation – 8%
• Romance scams – 9%
• Tech support – 10%
• Account takeover – 22%
• Scam unidentified – 23%
• 41 Other scam types – 28%

Reporting

FinCEN recommends that if a credit union suspects EFE with a member it should file a Suspicious Activity Report (“SAR”) as well as refer customers who may be victims of EFE to the Department of Justice’s National Elder Fraud Hotline at 833-FRAUD-11 or 833-372-8311 for assistance with reporting suspected fraud to the appropriate government agencies.

In addition to FinCEN’s recommendations, credit unions should review individual state laws and associated reporting requirements.

Takeaways

This report shines a light on EFE as a growing problem and one that is showing no signs of slowing down. Financial institutions should develop internal protocols and controls similar to the following steps to protect against EFE.

• Offering age-friendly services to older consumers, including protective opt-in account features such as withdrawal limitations, alerts, and transaction restrictions for merchant categories; and
• Ask detailed questions when the elder account holder requests account transactions that are unusual for the account (i.e., wire transfers and large cash withdrawals) and monitor account activity to help prevent and detect scams and theft.

Further, FIs must train their employees to prevent, detect, and respond to EFE. The training should include descriptions of indicators of potential EFE and preventative measures and action steps for responding to and reporting Elder Financial Exploitation.

Advanced Notice of Proposed Rulemaking and Request for Comment
NCUA Part 749: Records Preservation Program and Appendices – Record Retention Guidelines; Catastrophic Act Preparedness Guidelines

NASCUS Legislative and Regulatory Affairs Department
May 8, 2024

On April 24, 2024, the NCUA Board issued an Advanced Notice of Proposed Rulemaking (ANPR) soliciting comments on ways the agency can improve and update its records preservation program regulations and accompanying guidance under Part 749. The NCUA is also seeking input from stakeholders on the content of the regulation, which has not been updated in 15 years, as well as feedback on the structure of the regulation due to the combination of regulatory requirements and guidance.

Comments on the proposed rule are due on or before June 24, 2024.

---

Summary

Part 749 requires all federally insured credit unions (FICU) to maintain a records preservation program to identify, store, and reconstruct vital records if a credit union’s records are destroyed.  The regulation also requires a FICU’s vital records program to be in writing and include procedures for maintaining duplicate records at an offsite location.

Under the current regulation, ‘vital records’ are defined as:

• A list of share, deposit, and loan balances for each member’s account as of the close of the most recent business day with enough information to locate each member, such as address and phone number;
• A financial report lists all of the credit union’s assets and liability accounts and bank reconcilements as of the previous month-end;
• A list of the credit union’s accounts at financial institutions, insurance policies, and investments along with related contact information, current as of the previous month-end;
• Emergency contact information for employees, officials, regulatory offices, and vendors used to support vital records.

Appendix A to Part 749 provides ‘suggested guidelines’ for record retention and advises several additional sets of records be retained permanently. These records include:

• Official records of the credit union such as:
  • Charter, bylaws, and amendments;
  • Certificates or licenses to operate.
• Key operational records such as:
  • Minutes of membership meetings, board meetings, credit committee, and supervisory committees;
  • One copy of the financial report, NCUA Form 5300 or 5310, and Credit Union Profile Report;
  • One copy of each supervisory committee annual audit report and attachments;
  • Supervisory committee records of account verification;
  • Applications for membership and joint share account agreements;
  • Journal and cash record;
  • General ledger;
  • Copies of member periodic statements
  • Bank reconcilements; and
  • Listing of records destroyed.

The interaction between Part 749 and Appendix A has been a point of confusion for credit unions. For example, Appendix A consists of ‘suggested guidelines” for record retention. If a credit union opted to not retain an item listed under these guidelines permanently, what would the repercussions be? There is also confusion between 749 and other parts of NCUA’s regulations that have retention requirements that are not referenced in 749.

The ANPR consists of 20 questions divided into 4 separate categories.

Definitions

A category for definitions, including whether or not there are additional documents not listed that should be considered as “vital records.” Additionally, two questions addressing catastrophic preparedness in Appendix B and recommended changes.

Records Retention Practices

This category consists of 10 questions in which the NCUA seeks to understand current credit union record retention practices and whether Part 749 is properly serving its purpose which is for a credit union to identify, store, and reconstruct vital records in the event it needs to do so.

Additional Guidance

The Board believes the benefit to credit unions in having the guidance in the appendix to the regulatory requirement will enhance access to the guidance and will facilitate compliance.  In the part 749 rulemaking, the Board further noted that “including specific words like `recommended’ and `guidance’ means, as a legal matter, that the guidance is just that—guidance—and is not enforceable as a regulation.

The 4 questions in this section ask what guidance would be helpful to better reflect the types of records to be retained under Part 749 as well as ask what provisions in Appendix A or B do not align with Part 749.

Other NCUA Requirements

The final question asks if there are other provisions in the NCUA’s regulations that contain record retention requirements that should be incorporated into Part 749.

Notice and Request for Information and Comment
FinCEN: Customer Identification Program Rule Taxpayer Identification Number Collection Requirement

NASCUS Legislative and Regulatory Affairs Department
Summary prepared April 12, 2024

On March 28^th, 2024, FinCEN issued a request for information (RFI) seeking comment regarding the Customer Identification Program (CIP) Rule requirement that credit unions (and other covered entities) [1] collect a full taxpayer identification number (TIN) before opening an account from an individual and a U.S. person (in most cases, for US citizens, this would be their Social Security Number or SSN).  An RFI is not a rulemaking, rather it is an agency seeking background information to help determine if a future rulemaking is necessary.

In this case, FinCEN seeks perspectives on whether allowing credit unions and other covered entities to collect only partial TIN or SSN information would be beneficial.

Comments on the RFI are due on or before May 28, 2024.

---

Summary and Request for Information

Under the BSA/AML, credit unions are to obtain an individual’s full SSN prior to opening an account as part of the institution’s Customer Identification Process (CIP). Generally, institutions are required to collect the information directly from the member opening the account.

When the rule was first adopted, institutions were exempt from the requirements to collect identifying information including the TIN/SSN directly from the consumer when opening credit card accounts because traditionally, institutions used third party sources to collect SSN information when opening those accounts. When implementing the CIP, FinCEN recognized that common practices in situations when the customer was likely not physically present (like opening a credit card account) practice was to forego asking for the TIN/SSN as potential customers would often be uncomfortable giving out that information in a remote setting. The final CIP rule respected that practice. As a result, credit card accounts, think of Chase, American Express, or Capital One for example, were exempt from the CIP Rule’s information collection requirements and institutions may obtain identifying information from a third-party source, such as a credit bureau.

FinCEN has heard from stakeholders seeking a change to the CIP to allow for partial collection of TIN/SSN for all account openings. The agency also acknowledges advancements in technology and tools that may provide additional means of identifying a consumer.

FinCEN recognizes there are risks and concerns with permitting partial SSN collection at account opening.  For example, failing to obtain full SSNs could result in increased identity theft or other fraud. There are also risks of inaccurate third-party data.

For these reasons, FinCEN seeks comments and perspectives on the risks, benefits, and safeguards surrounding the collection of partial SSNs by banks. As part of this RFI FinCEN is also seeking information about current industry practices regarding SSN collection. There are a series of eight questions with additional sub-questions. FinCEN requests that commenters note their highest priorities in their response, along with an explanation of how or why certain suggestions have been prioritized, when possible. You can find the complete list of questions here.

The eight categories of questions include:

1. Should banks be permitted to collect part or all of a customer’s SSN for a U.S. individual from a third-party source prior to account opening? Should FIs be permitted to collect other customer-identifying information required by the CIP Rule from a third-party source? 
2. If banks were permitted to collect partial SSN information from a customer in the case of a U.S. individual and subsequently use a reputable third-party source to obtain the full SSN prior to account opening, what risks, benefits, safeguards, and due diligence would be conducted.

• • This question has a series of ten additional questions specific to overall due diligence.

3. Regarding the current CIP Rule SSN collection requirement for FIs to collect the full SSN for a U.S. Individual directly from the customer prior to account opening, this question also asks a series of additional questions surrounding:

• • The impact of the current requirements on FIs and their customers
  • How they impact their AML programs and;
  • The risks and benefits of collecting a full SSN directly from the customer.

4. Regarding current practices by parties not subject to the CIP Rule’s SSN collection requirement (i.e. non-banks) when using third-party sources for SSN collection, this question asks several questions specific to:

• • Risks and benefits of using a third-party source for SSN collection;
  • The minimum due diligence processes the non-bank typically conducts before contracting third-party sources;
  • What on-going due diligence and monitoring is conducted;
  • How they ensure the privacy and security of customer data;
  • Notification to customers of obtaining their SSN from a third-party source.

5. Provide any publicly available studies or data points that demonstrate:

• • Customer behavior in seeking or avoiding access to financial products or services based on risks associated with a customer providing a full SSN;
  • Accuracy and reliability of third-party sources from which SSN information could be acquired;
  • Impact on financial crime or other illicit finance activity risks when a customer is not required to provide a full SSN;
  • The benefits and risk for non-banks (e.g., employers, retailers, financial service providers, and government agencies) and third-party service providers in obtaining a partial SSN from the customer and then using a third-party source to obtain the customer’s full SSN.

6. Regarding current CIP practices of all financial institutions, both banks, and non-banks, this question asks a series of questions about:

• • Risks identified with the SSN collection requirement and how risks are mitigated;
  • Whether FIs rely on documentary and non-documentary methods to verify identity;
  • The variations of TIN collection and verification practices;
  • Other processes for TIN collection and verification;
  • Processes and technologies used for verification; and
  • Similarities and differences in the collection and verification practices by FIs between individuals who provide SSNs and legal entities that provide Employer Identification Numbers (EINs).

7. What are the competitive advantages and disadvantages between banks that are required to collect the full SSN from the customer and those non-banks that collect a partial SSN from the customer and then use a third-party source to obtain the customer’s full SSN?
8. What types of products/services are impacted by differing regulatory requirements related to SSN collection?

---

[1] For purposes of this summary banks also refers to credit unions.

NASCUS Summary: Proposed Rule — Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements
6 CFR part 226

The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) requires the Cybersecurity and Infrastructure Security Agency (CISA) to promulgate regulations implementing the statute’s covered cyber incident and ransom payment reporting requirements for covered entities. CISA seeks comment on the proposed rule to implement CIRCIA’s requirements and on several practical and policy issues related to the implementation of these new reporting requirements.

Comments and related material must be submitted by June 3, 2024.  The proposed rule can be found here.

---

Summary

CIRCIA requires covered entities to report to CISA, within certain prescribed timeframes, any covered cyber incidents, ransomware payments made in response to a ransomware attack, and any substantial new or different information discovered related to a previously submitted report.

CIRCIA further requires the Director of CISA to implement reporting requirements through rulemaking, by issuing a NPRM, no later than March 15, 2024, and a final rule within 18 months of publication of the NPRM.  CISA is issuing this NPRM to solicit public comment on the proposed regulations that would codify these reporting requirements.

The NPRM is divided into six sections:

• Section I – Public Participation – describes the process for members of the public to submit comments on the proposed regulations and lists specific topics on which CISA is particularly interested in receiving public comment.
• Section II – Executive Summary – contains a summary of the proposed regulatory action and the anticipated costs/benefits of the proposed regulations.
• Section III – Background and Purpose – contains a summary of the legal authority for this proposed regulatory action; an overview of the current regulatory cyber incident reporting landscape; a description of the purpose of the proposed regulations; a discussion of efforts CISA has taken to harmonize these proposed regulations with other Federal cyber incident reporting regulations; a discussion of information sharing activities related to the proposed regulations; and a summary of the comments CISA received in response to an RFI issued by CISA on approaches to the proposed regulations and during listening sessions hosted by CISA on the same topic.
• Section IV – Discussion of Proposed Rule – includes a detailed discussion of the proposed rule, the justification for CISA’s specific proposals, and the alternatives considered by CISA.
• Section V – Statutory and Regulatory Analyses – contains the analyses that CISA is required by statute or Executive Order to perform as part of the rulemaking process prior to issuance of the final rule, such as the Initial Regulatory Flexibility Analysis and Unfunded Mandates Reform Act analysis. Section VI contains the proposed regulatory text.

Applicability:

• The rule would apply to certain entities within a critical infrastructure sector including financial services sector entities that are regulated by the Office of the Comptroller of the Currency (OCC), Federal Reserve Board (and Federal Reserve Banks), the Federal Deposit Insurance Corporation (FDIC) and the National Credit Union Administration (NCUA).
• The rule specifically notes that this proposal would be applicable to federally insured credit unions regulated by the NCUA but makes no mention of privately insured credit unions.

CISA Reports:

• Covered entities are required to submit CIRCIA reports in certain instances:
  • When a covered entity experiences a covered cyber incident
  • When a covered entity makes a ransom payment or has another entity make a ransom payment on its behalf or
  • When a covered entity acquires substantial new or different information about submitting a previous CIRCIA Report
• Exceptions to Reporting:
  • When a covered entity reports substantially similar information in a substantially similar timeframe to another Federal agency pursuant to existing law, regulation or contract when a CIRCIA Agreement is in place between CISA and the other Federal agency;
  • When an incident impacts certain covered entities related to the Domain Name System (DNS); and
  • When Federal agencies are required by the Federal Information Security Modernization Act of 2014 (FISMA) to report incidents to CISA.
• Report Submission Deadlines:
  • Covered entities must submit CIRCIA Reports in accordance with the submission deadlines specified in this section.
    • Covered Cyber Incident Reports – a report must be submitted to CISA no later than 72 hours after the covered entity reasonably believes the covered cyber incident has occurred.
    • Ransom Payment Reports – a report must be submitted no later than 24 hours after the ransom payment has been disbursed.
    • Joint Covered Cyber Incident and Ransom Payment Reports – a covered entity that experiences a covered cyber incident and makes a ransom payment within 72 hours after the covered entity reasonably believes a covered cyber incident has occurred may submit a Joint Covered Cyber Incident and Ransom Payment Report to CISA no later than 72 hours after the covered entity reasonably believes the covered cyber incident has occurred.
    • Supplemental Reports – A covered entity must promptly submit supplemental reports to CISA. If a covered entity submits a supplemental report on a ransom payment made after the covered entity submitted a Covered Cyber Incident Report, the covered entity must submit the Supplemental Report to CISA no later than 24 hours after the ransom payment has been disbursed.
• CIRCIA Report Requirements
  • A covered entity must submit CIRCIA reports to CISA through the web-based CIRCIA Incident Reporting Form available on CISA’s website or in any other manner/form of approved reporting.
  • A covered entity must provide the following information in all CIRCIA reports to the extent possible:
    • Identification of the type of CIRCIA Report submitted by the covered entity
    • Information relevant to establishing the covered entity’s identity, including the covered entity’s:
      • Full legal name
      • State of Incorporation/Formation
      • Affiliated Trade Names
      • Organizational entity type
      • Physical Address
      • Website
      • Internal Incident Tracking Number for the Reported Event
      • Applicable Business Numerical Identifiers
      • Name of the parent company or organization, if applicable; and
      • The critical infrastructure sector or sectors in which the covered entity considers itself to be included.
• Third party reporting procedures
  • A covered entity may expressly authorize a third party to submit a CIRCIA report on the covered entity’s behalf to satisfy the covered entity’s reporting obligations. The covered entity remains responsible for ensuring compliance with its reporting obligations.
  • CIRCIA reports submitted by third parties must comply with the reporting requirements and procedures for covered entities:
    • Confirmation of express authorization required – a third party must confirm the covered entity expressly authorized the third party to file the CIRCIA report on the covered entity’s behalf.
    • Third party ransom payments and responsibility to advise a covered entity – a third party that makes a ransom payment on behalf of a covered entity impacted by a ransomware attack is not required to submit a Ransom Payment Report on behalf of itself for the ransom payment. The third party must advise the covered entity of its obligations to submit a Ransom Payment Report.

Requests for Information and Subpoena procedures

• The Director of CISA may issue a request for information to a covered entity if there is a reason to believe that the entity experienced a covered cyber incident or made a ransom payment but failed to report the incident or payment as required.
• The Director of CISA may issue a subpoena to compel disclosure of information from a covered entity if the entity fails to reply by the date specified in a request for information or fails to provide an adequate response to a request for information.
• If a covered entity fails to comply with a subpoena, the Director may refer the matter to the Attorney General to bring a civil action to enforce the subpoena in any US District Court for the judicial district in which the covered entity resides.
• The US District court may order compliance with the subpoena and punish failure to obey a subpoena as a contempt of court.

CFPB Summary: Final Rule re: Credit Card Penalty Fees

12 CFR Part 1026

The Consumer Financial Protection Bureau (CFPB) amends Regulation Z (which implements the Truth in Lending Act) to address the late fees charged by larger card issuers that (together with their affiliates) have one million or more open credit card accounts for the preceding calendar year.  The final rule adopts a late fee safe harbor threshold of $8 for large card issuers for initial and subsequent violations and provides that the annual safe harbor amount adjustments, to reflect changes in the Consumer Price Index (CPI), do not apply to the $8 safe harbor amount.

Comments are due by May 14, 2024; the final rule can be found here.

---

Summary:

The CFPB is amending provisions in Section 1026 of Regulation Z and its related commentary as they relate to credit card penalty fees.  Currently, under Section 1026.52, a card issuer must not impose a fee for violating the terms or other requirements of a credit card account under and open-end (not home secured) consumer credit plan (such as late payments, going over credit limits or returned payments) unless the issuer has determined that the dollar amount of the fee represents a reasonable proportion of the total costs incurred by the issuer for that type of violation or complies with the safe harbor provisions.  Section 1026.52(b) currently sets forth a safe harbor fee of $30 for the initial penalty fee and $41 for each subsequent violation of the same type that occurs during the same billing cycle or in one of the next six billing cycles.

---

Safe Harbor Late Fee Penalty Amounts Under the Final Rule

Acceptable Fee Amounts for Larger Card Issuers

The Bureau has determined that for Larger Card Issuers (issuers that together with their affiliates have one million or more open credit card accounts), the discretionary safe harbor dollar amounts for late fees are too high and not consistent with TILA’s statutory requirement that such fees be reasonable and proportional to the omission or violation to which the fee relates.  To address these concerns, the final rule makes the following amendments that are applicable to large card issuers:

• The rule repeals the current safe harbor threshold amounts and adopts a late fee safe harbor dollar amount of $8 for initial and applicable subsequent violations.
• The final rule also repeals the annual adjustments for safe harbor dollar amounts to reflect changes in the CPI (Consumer Price Index). Whether or not adjustments are necessary will be made on a periodic basis.

Acceptable Fee Amounts for Smaller Card Issuers

• Smaller Card Issuers are defined as card issuers that (together with their affiliates) have fewer than one million open credit card accounts for the entire preceding calendar year. The revisions to Regulation Z under the final rule do not apply to smaller card issuers.  Smaller card issuers will be allowed to continue to charge the current safe harbor late fee amounts of $30 for the initial violation and $41 for each subsequent violation of the same type that occurs during the same billing cycle or in one of the next six billing cycles.  In addition, the safe harbor fee amount will continue to be adjusted annually to reflect changes in the Consumer Price Index (CPI).

Safe Harbor Threshold Amounts for Penalty Fees Other Than Late Fees

• The final rule also adjusts the safe harbor threshold amounts for penalty fees other than late fees to $32 for the initial violation and $43 for each subsequent violation of the same type that occurs during the same cycle or in one of the next six billing cycles. This adjustment applies to ALL credit card issuers.
• The annual Consumer Price Index adjustments will continue to apply with regard to safe harbor fees related to penalty fees other than late fees.

NCUA Risk Alert: 24-RA-01
Home Mortgage Disclosure Act Data Requirements

NASCUS Legislative and Regulatory Affairs Department
February 16, 2024

On February 15, 2024, NCUA issued Risk Alert 24-RA-01 which outlines the 2024 reporting requirements for credit unions that meet the criteria for HMDA reporting under the CFPB’s Regulation C.

A credit union must collect HMDA data for mortgage loan applications processed during 2024 and submit the data to the CFPB no later than March 3, 2025, if the credit union meets the following four criteria:

1. The credit union had total assets above $56 million as of December 31, 2023;
2. The credit union had a home or branch office in an MSA on December 31, 2022;
3. The credit union originated at least one home purchase loan or refinanced a home purchase loan, secured by a first lien one-to four-unit dwelling in 2023; and
4. The credit union originated at least 25 covered closed-end mortgage loans in 2022 and 2023 or at least 200 covered open-end lines of credit in 2022 and 2023.

Partial Reporting Exemptions

What qualifies as a partial exemption?

To assist credit unions in determining whether they qualify for a partial exemption the alert provides the following table with examples.

If a credit union originated less than 500 covered closed-end loans in 2022 and 2023 they would not be required to collect and report 26 of the 48 data points. Similarly, a credit union would not be required to collect and report the 26 data points for open-end lines of credit if they originated less than 500 covered open-end lines of credit in 2022 and 2023.

These partial exemptions operate independently of one another. Therefore, a credit union may rely on one partial exemption but not the other.

To further assist credit unions, the alert also provides a resource link to the 2023 A Guide to HMDA Reporting: Getting it Right which outlines the data points for partial exemption and those data points not covered by the exemptions.

Submission of 2023 HMDA Data

The NCUA also reminds credit unions subject to HDMA requirements for 2023, that they must submit their loan/application register (LAR) data to the CFPB using the HMDA Platform by March 1, 2024.

 

NCUA Proposed Rule: Role of Supervisory Guidance (Part 791, Subpart D)

Prepared by NASCUS Legislative & Regulatory Affairs Department
December 2020

 NCUA is proposing an addition to § 791 that would codify the 2018 interagency statement issued by NCUA and its sister agencies that reiterated that supervisory guidance does not have the force and effect of law. The proposal also makes several modifications to the 2018 Statement.

The proposed rule may be read here. Comments are due to NCUA on January 4, 2021.

Summary

NCUA and the agencies issued the 2018 Statement to explain the agencies’ approach to supervisory guidance, including:

• interagency statements
• advisories
• bulletins
• policy statements
• FAQs

In the 2018 Statement, the agencies affirm that supervisory guidance outlines the agencies’ supervisory expectations or priorities and articulates the agencies’ general views regarding appropriate practices for a given subject area, but does not create binding, enforceable legal obligations.

The 2018 Statement reaffirms that the agencies do not issue supervisory criticisms for ‘‘violations’’ of supervisory guidance.

In 2018, the agencies indicated they would:

• limit the use of numerical thresholds in guidance
• reduce the issuance of multiple supervisory guidance on the same topic
• continue efforts to make the role of supervisory guidance clear in communications to examiners and supervised institutions
• encourage supervised institutions to discuss their concerns about supervisory guidance with their appropriate agency contact

In codifying the 2018 Statement, NCUA and the agencies propose the following clarifications and changes:

• There was some confusion as to whether the 2018 Statement’s reference to not basing ‘‘criticisms’’ on violations of supervisory guidance included “matters requiring attention” (MRAs) or other supervisory actions. To clarify, the proposed statement would define ‘‘criticize’’ to include the issuance of MRAs and other supervisory criticisms, including those communicated through matters requiring board attention, documents of resolution, and supervisory recommendations. The agencies reiterate that examiners will not base supervisory criticisms on a ‘‘violation’’ of or ‘‘noncompliance with’’ supervisory guidance.

Specifically, the 2018 Statement read:

“Examiners will not criticize a supervised financial institution for a “violation” of supervisory guidance.”

The proposed addition to § 791 would read:

“Examiners will not criticize (including through the issuance of matters requiring attention, matters requiring immediate attention, matters requiring board attention, documents of resolution, and supervisory recommendations) a supervised financial institution for, and agencies will not issue an enforcement action on the basis of, a “violation” of or “non-compliance” with supervisory guidance.”

• Industry had also expressed concerns that at times supervisory criticisms included generic references to safety and soundness. The agencies agree that supervisory criticisms should be specific as to the issue affecting safety and soundness. The proposed changes to § 791 would include the following statement:

The proposed rule would read:

Supervisory criticisms should continue to be specific as to practices, operations, financial conditions, or other matters that could have a negative effect on the safety and soundness of the financial institution, could cause consumer harm, or could cause violations of laws, regulations, final agency orders, or other legally enforceable conditions.

• The agencies stress that the guidance being codified addresses the use of guidance in the supervisory process and not the standards for supervisory criticism in general. To address what they characterize as “confusion” the agencies have eliminated the following sentences from the 2018 Statement:

“Rather, any citations will be for violations of law, regulation, or non-compliance with enforcement orders or other enforceable conditions. During examinations and other supervisory activities, examiners may identify unsafe or unsound practices or other deficiencies in risk management, including compliance risk management, or other areas that do not constitute violations of law or regulation.”

Specific Request for Comment

The agencies ask for specific comment on the following questions:

Question #1

The proposed Statement provides that in some situations, examiners may reference (including in writing) supervisory guidance to provide examples of safe and sound conduct, appropriate consumer protection and risk management practices, and other actions for addressing compliance with laws or regulations. Should examiners reference supervisory guidance to provide examples of safe and sound conduct, appropriate consumer protection and risk management practices, and other actions for addressing compliance with laws or regulations when criticizing (through the issuance of matters requiring attention, matters requiring immediate attention, matters requiring board attention, documents of resolution, supervisory recommendations, or otherwise) a supervised financial institution? Are there specific situations where providing such examples would be appropriate, or specific situations where providing such examples would not be appropriate?

Response

---

Question #2	1.     2. Is it sufficiently clear what types of agency communications constitute supervisory guidance? If not, what steps could the agencies take to clarify this? 3. Are there any additional clarifications to the 2018 Statement that would be helpful?
Response

---

Question #3	Are there any other additional clarifications needed to the 2018 Statement?
Response

---

Question #4	Are there other aspects of the proposed rule about which you wish to comment?
Response

---

Question #5	NCUA and the agencies ask several related questions regarding the use of plain language. They seek general feedback on whether the proposal is clearly organized and clearly presented. If not, what changes should be made to state the intent more clearly?
Responses

 

Summary: NCUA Proposed Rule (FCUs Only); Derivatives Part 703

Prepared by NASCUS Legislative & Regulatory Affairs Department
November 2020

NCUA has proposed changes to Subpart B of Part 703, NCUA’s derivatives rule for federal credit unions (FCU).NCUA first approved derivatives for FCUs in 2014. NCUA’s derivatives rule only applies to FCUs. Federally insured state credit unions (FISCUs) are currently only required to notify NCUA if they intend to use derivatives pursuant to state law. See 741.219.

NCUA now proposed to eliminate the requirement that FISCUs notify NCUA 30-days prior to engaging in derivatives transactions and replace it with a requirement that FISCUs notify NCUA within 5 days after HAVING ENGAGED in a derivatives transaction.

The proposed changes for FCUs would:

• Eliminate the pre-approval process for FCUs that are “complex” (assets of $500m+) with a Management CAMEL component rating of “1” or “2”
• Eliminate the interim approval step for non-“complex” credit unions
• Eliminate the specific product permissibility and replace it with mandatory characteristics
• Eliminate the regulatory limits on the amount of derivatives

The proposed rule may be read here. Comments are due to NCUA December 28, 2020.

Summary

NCUA’s current derivatives rule is intentionally prescriptive. In 2014, NCUA felt FCUs lacked the experience to use derivatives and NCUA lacked the expertise to administer a derivatives rule. As NCUA provides FCUs with greater flexibility, it stresses that FCUs must maintain strong prudential controls, including appropriate risk management by experienced staff, as well as suitable policies, procedures, and management oversight.

FISCUs – § 741.219

NCUA’s current rule DOES NOT limit or otherwise affect FISCU derivatives authority. NCUA’s rule only requires FISCUs give NCUA notice of the intent to engage in derivatives transactions 30-days prior. NCUA now proposes amending Part 741.219(b) to simply require notice within 5 days AFTER a FISCU enters into its first derivatives transaction.

(b) Any credit union which is insured pursuant to title II of the Act must notify the applicable NCUA Regional Director in writing within five business days after entering into its first Derivatives transaction. Such transactions do not include those included in § 703.14 of this chapter.

FCU Changes

Loan Pipeline Management & “Put Options” – Part 701(21)(i)

NCUA allows FCUs to use Put Options as a form of loan pipeline management. NCUA is moving this authority from § 701.21(i) to consolidate it with other pipeline management authorities in a revised § 701.14(k). NCUA is not changing the FCU authority in existing § 701.21(i) other than to relocate it.

Mutual Funds – § 703.100

The current rule prevents FCUs from investing in registered investment companies or collective investment funds where the prospectus of the company or fund permit the investment portfolio to contain Derivatives. NCUA now proposes to allow FCUs to invest in mutual funds that engage in derivatives for the purpose of managing to manage IRR. In the Supplemental material, NCUA stresses that FCUs may not invest in mutual funds that engage in derivatives that do not manage IRR.

Definitions – § 703.102

NCUA is proposing making changes to several definitions, adding several definitions, and deleting some others. Specifically, NCUA is making revisions to the following defined terms (see page 68489 of the proposal):

• Counterparty
• Interest Rate Risk
• Margin
• Master Service Agreement
• Net Economic Value
• Senior Executive Officer
• Threshold Amount
• Trade Date

In addition, NCUA will the following definitions (see page 68490 of the proposal):

• Domestic Counterparty – to be defined as a counterparty domiciled in the United States. The proposal would only allow FCUs to enter into derivatives transactions with Domestic Counterparties.
• Domestic Interest Rates – to be defined as interest rates derived in the United States and are U.S. dollar denominated.
• Earnings at Risk – to be defined as the changes to earnings, typically in the short term, caused by changes in interest rates. This type of modeling would be required for an FCU’s asset/ liability risk management under the proposal.
• Written Options – to be defined as options where compensation has been received and the purchaser has the right, not obligation, to exercise the option on a future date. The proposed rule would prohibit Written Options for FCUs.

NCUA would eliminate the following existing definitions in a new rule:

Amortizing Notional Amount Basis Swap Cleared Swap Credit Support Annex Derivative Clearing Organization Exchange Fair Value Forward Start Date Futures Futures Commission Merchant (FCM Hedge

Interest Rate Swap Introducing Broker ISDA Protocol Leveraged Derivative Minimum Transfer Amount Non-cleared Notional Amount Reporting Date Swap Dealer Swap Execution Facility Unamortized Premium

Requirements/Characteristics of Permissible Interest Rate Derivatives – § 703.103

NCUA will replace existing § 703.102, Permissible Derivatives with the new proposed § 703.103 titled ‘‘Requirements related to the characteristics of permissible interest rate Derivatives.’’ This new section will replace prescriptive prohibitions with principle-based characteristics such as:

• Denominated in U.S. dollars
• Based off Domestic Interest Rates or dollar-denominated London Interbank Offered Rate (LIBOR)
• A contract maturity equal to or less than 15 years, as of the Trade Date
• Not used to create Structured Liability Offerings for members of nonmembers

FCUs could enter into derivatives transactions that meet those characteristics. In addition, FCUs would be allowed to participate in:

• interest rate swaps
• basis swaps
• purchased interest rate caps
• purchased interest rate floors
• S. Treasury note futures

NCUA would eliminate the following requirements:

• forward start date limitations
• fluctuating notional amount limitations
• restriction on leveraged derivatives
• meeting the definition of derivative under GAAP

NCUA is retaining the prohibition against Written Options, but seeks comments on whether FCUs should be allowed to engage in Written Options for managing IRR.

Requirements for Counterparty Agreements, Collateral and Margining – § 703.104

Revising the requirements for counterparty agreements, collateral and margining, NCUA is proposing to require FCUs have an executed Master Services Agreement with a Domestic Counterparty that must be reviewed by counsel with relevant expertise in similar types of transactions. FCUs would also be required to use contracted Margin requirements with a maximum Margin threshold amount of $250k and accept only U.S. dollars, S. Treasuries; GSE or US government agency debt, GSE residential mortgage-backed security pass-through securities, or S. government agency residential mortgage-backed security pass-through securities as collateral.

Reporting Requirements – § 703.105

NCUA currently requires FCUs provide their board of directors, senior executives a comprehensive derivatives report. Under the proposal, NCUAS would retain the requirements for quarterly reporting to the FCU’s board and monthly reporting to executive management. NCUA is also retaining the requirements outlining what must be included in these reports.

Operational Support Requirements, Required Experience & Competencies – § 703.106(a)

NCUA will retain the current rule’s competency requirements, including:

• Prior to engaging in derivatives, FCU’s board must obtain training
• Senior executive officers must have knowledge and ability to supervise the program
• The FCU’s board must be briefed annually on the program

The briefing requirement replaces an ongoing annually training requirement.

Operational Support Requirements; Required Review and Internal Controls Structure – § 703.106(b)

NCUA is retaining the requirement that an FCU identify and document the circumstances that lead to the decision to execute a transaction, specify the strategy the credit union will employ, and demonstrate the economic effectiveness of the transaction. NCUA is proposing to reduce the number of required internal controls reviews an FCU must conduct from at least once each year for the first 2 years to just 1 review in the first year.

The Board is retaining the current rule’s requirement that any FCU engaging in derivatives must obtain an annual financial statement audit and account for all transactions consistent with GAAP. NCUA also proposes adding a requirement for a a liquidity review.

External Service Providers – § 703.107

FCUs will be able to use External Service Providers (ESPs). FCUs will be able to use the ESPs provided the ESP does not:

• Act as a counterparty to any Derivatives transactions that involve the FCU
• Act as a principal or agent in any Derivatives transactions that involve the FCU
• Have discretionary authority to execute any of the FCU’s Derivatives transactions

FCUs will be required to document the role of the ESPs in the FCU’s policies and procedures. NCUA also stresses that an FCU’s use of ESPs does not alleviate the credit union of its responsibility to employ qualified personnel in accordance with the operational support requirements of the proposed rule.

Notification and Application Requirements – § 703.108

NCUA proposes eliminating the application process for FCUs with at least $500m in assets and a CAMEL Management component rating of 1 or 2. FCUs would be required to provide the applicable RD a written notification within five business days after entering into its first Derivative transaction.

Regulatory Violation or Unsafe and Unsound Condition – § 703.109

If an FCU no longer meets requirements of the rule, the FCU must immediately stop entering into any new derivative transactions.

Final Rule: Corporate Credit Unions (Part 704)

Prepared by NASCUS Legislative & Regulatory Affairs Department
December 2020

NCUA has issued a final rule amending its corporate credit union regulations in § 704. The final rule addresses several provisions of the NCUA’s corporate credit union rule, including:

• permitting a corporate credit union to make a minimal investment in a credit union service organization (CUSO) without the CUSO being classified as a corporate CUSO pursuant to § 704
• expanding the categories of senior staff positions at member natural person credit unions (NPCUs) eligible to serve on a corporate credit union’s board
• amending the minimum experience and independence requirement for a corporate credit union’s enterprise risk management (ERM) expert
• clarifies the definition of a collateralized debt obligation
• simplifies the requirement for net interest income modeling

The Final Rule may be read here. The final rule is effective December 14, 2020.   

NCUA’s corporate credit union rule applies to state-chartered corporate credit unions by reference in § 741.206.

Summary

• Minimal Investment in Natural Person CUSOs

Under the final rule, corporate credit unions will be allowed to make de minimus, non-controlling investment in a NPCU CUSO without that CUSO being classified as a corporate CUSO. Corporate CUSO are subject to much more prescriptive regulations than NPCU CUSOs. For example:

• permissible activities for a corporate CUSO are more limited than the permissible activities for a NPCU CUSOs
• corporate CUSOs must agree to give NCUA complete access to personnel, facilities, equipment, books, records, & other documentation that NCUA deems pertinent while NPCU CUSOs must only provide access to its books & records & the ability to review its internal controls
• corporate CUSOs must provide quarterly financial statements to the corporate credit union whereas NPCU CUSOs must prepare quarterly financial statements, but do not have to provide the statements to FCUs

With this rule change, NPCUs might be more willing to allow small corporate credit union investments into their CUSOs which could benefit NPCUs by opening a new pool of investors and benefit corporates by allowing them to leverage the innovation of NPCU CUSOs.

• New Definitions – § 704.2

The final rule has several new definitions, including:

• Consolidate CUSO – any CUSO the assets of which are consolidated with those of the corporate credit union for purposes of reporting under GAAP

• Corporate CUSO – a CUSO in which one or more corporate credit unions have a controlling interest, defined as:

(1) the CUSO is consolidated on a corporate credit union’s balance sheet;

(2) a corporate credit union has the power, directly or indirectly, to direct the CUSO’s management or policies;

(3) a corporate credit union owns 25% or more of the CUSO’s contributed equity, stock, or membership interests; or

(4) the aggregate corporate credit union ownership of all corporates investing in the CUSO is 50% or more of the CUSO’s contributed equity, stock, or membership interests

• Credit Union Service Organization (CUSO) – the final rule defines a CUSO as applying to both corporate CUSOs and NPCU CUSOs.

Loans to CUSOs

Under the final rule, a corporate credit union making loans to NPCU or corporate CUSOs must have a board-approved policy that:

• provides for ongoing control, measurement, and management of CUSO lending
• includes qualifications and experience requirements for personnel involved in underwriting, processing, approving, administering, and collecting loans to CUSOs
• establishes the loan approval process, underwriting standards, and risk management processes

In addition, NCUA requires any NPCU CUSO in which a corporate credit union invests or to which a corporate credit union makes a loan must comply with § 712 in its entirety.

Disclosure of Executive Compensation – § 704.19

Section 704.19 currently requires that each corporate credit union annually prepare and maintain a document that discloses the compensation of certain employees, including compensation received from a corporate CUSO. Under the final rule, employee compensation from either a NP CUSO or a corporate CUSO must be reported. Corporate CUSOs are required to report the compensation of a dual employee, however there is no requirement for the NPCU CUSO to report the income, therefore the dual employee is obligated to report the income to the corporate credit union in order for that corporate credit union to meet its reporting obligations.

Corporate Credit Union Board Representation – § 704.14

Currently, NCUA rules require corporate credit union directors hold the following positions as a NPCU: CEO, CFO, COO, treasurer, or manager. The final rule makes this preceding list a set of examples and requires only that the corporate credit union directors hold a senior management position at a NPCU.

Enterprise Risk Management – § 704.21

NCUA has eliminated the prescriptive independence and experience rules related to the required ERM position in corporate credit unions. The final rule also clarifies that the ERM expert may report either to the corporate credit union’s board of directors or to the ERMC. Corporate credit unions now have the flexibility the appropriate level of experience necessary for the position and the reporting structure. The ERM officer and function should be commensurate with the complexity and risk of the corporate credit union. NCUA will evaluate the adequacy of a corporate credit union’s enterprise risk management practices through the supervisory process.

Summary: ANPR, Simplification of the RBC Requirements (Parts 702 & 703)

Prepared by NASCUS Legislative & Regulatory Affairs Department
February 2021

---

NCUA has published an Advance Notice of Proposed Rulemaking (ANPR) to solicit comments on simplifying the October 29, 2015 final risk-based capital (RBC) rule scheduled to take effect on January 1, 2022. NCUA proposes 2 different approaches for simplifying the rule:

• Replace the RBC rule with a Risk-based Leverage Ratio (RBLR) requirement, which uses relevant risk attribute thresholds to determine which complex credit unions would be required to hold additional capital (buffers).
• Retain the 2015 final RBC rule but enable eligible complex FICUs to opt-in to a “complex credit union leverage ratio” (CCULR) framework to meet all regulatory capital requirements (modeled on the “Community Bank Leverage Ratio” framework).

The proposed rule may be read here. Comments are due to NCUA 60 days after publication in the Federal Register.  

Summary

The 1998 Credit Union Membership Access Act (CUMAA) added § 216 to the Federal Credit Union Act (FCUA) creating a system of Prompt Corrective Action (PCA) for federally insured credit unions (FICUs).

Section 216(d)(1) of the FCUA required that the PCA rules include both the statutory net worth ratio requirements as well as a risk-based net worth requirement for credit unions that are complex (as defined by NCUA). NCUA implemented § 216 by rule in 2000. In 2015, NCUA finalized revisions to the rule that included replacing a credit union’s RBNW ratio with a RBC ratio. The 2015 rule defined complex credit unions as having

total assets over $100 million. In 2018, NCUA raised that threshold again to $500 million. The rule however will not take effect until January 1, 2022.

NCUA now seeks input on 2 potential alternatives to the 2015 (as amended) RBC rule. As noted above, the Risk-Based Leverage Ratio (RBLR) approach would include repealing the 2015 final rule in its entirety and recreating an entirely new risk-based capital rule. The Complex Credit Union Leverage Ratio (CCULR) would amend the 2015 rule to provide an alternative framework for some qualifying credit unions.

Option 1: Replacing the Entire 2015 RBC Rule with The Risk-Based Leverage Ratio (RBLR)

NCUA seeks input on whether it should repeal the 2015 RBC rule and replace it with a “simpler” framework that would be easier for credit unions to understand and for NCUA to administer. The simplified framework would still, in NCUA’s view:

• comply with all applicable statutory and legal requirements, including the statutory PCA requirements
• be easier to understand and use
• effectively identifies risk characteristics that trigger commensurate capital requirements.

The new approach would be called a risk-based leverage ratio (RBLR) and would utilize certain risk characteristics to determine the required capital level rather than risk weight all assets and off-balance sheet activities (as is done in the current 2015 rule approach). NCUA is also considering using the net worth ratio as the RBLR measurement, which is already a well-established, simplified, and observable measurement.

Under this approach, the net worth ratio would be supplemented with mandatory capital buffers when certain risk factors are triggered. The capital buffers would be a discreet percentage of net worth-to-total assets over 7%. NCUA is considering using the asset categories from the 2015 Final Rule as risk factors. For example, the 2015 rule weights the following categories as higher risk:

• non-current loans
• commercial loans exceeding 50% of assets
• junior lien real estate loans exceeding 20% of assets
• mortgage servicing rights
• other investment activities

If a FICU met a certain threshold of activity, then that could trigger a requirement to hold a buffer amount of net worth. The buffer amount might also vary based on the level of the applicable threshold. The minimum leverage ratio necessary to be well capitalized under RBLR would remain at 7%, with two higher tiers applied to those complex credit unions exhibiting quantified amounts of higher relative risk. The defining risk attributes would be a function of the types and concentration of underlying assets.

NCUA envisions converting the current computational framework for complex credit unions into a three-tiered system of minimum leverage ratios for all complex FICUs would be much simpler and would significantly reduce the Call Report requirements and utilize a measurement that FICUs are already familiar with.

However, NCUA cautions that while an RBLR approach would be simpler, it may also result in a higher capital requirement for certain FICUs that have riskier assets when compared to the risk-based capital framework.

NCUA seeks general feedback on this approach, and comments on the following specific questions:

• Question #1: Does the RBLR have merit as an alternative to the RBC framework under the 2015 Final Rule. What risk characteristics should be incorporated into the RBLR? Are the higher risk-weighted asset categories from the 2015 RBC rule framework the correct starting point, or should the Board consider a different approach?
• Question #2: What risk thresholds should be used for the risk factors. What measurements should be used and how would the measurement be reported and monitored? Should there be more than one capital buffer for a risk factor based on the measurement? How would multiple measurements be combined or weighted to determine the threshold?
• Question #3: What capital buffers over the well-capitalized seven percent threshold should be used?

Impact of RBLR on Subordinated Debt Final Rule

Any changes to NCUA’s capital rules would potentially affect NCUA’s recently finalized Subordinated Debt rule. The Subordinated Debt Rule is a direct amendment to the 2015 Final RBC rule. Therefore, rescinding the 2015 rule to replace it with the RBLR framework would fundamentally alter the structure of the Subordinated Debt rule. For example, using a net-worth based rule may not provide a means for non-LICUs to use subordinated debt because the FCUA includes a definition of net worth the limits use of such instruments to LICUs.

• Question #4: How may a non-LICU complex credit union be able to apply subordinated debt towards an RBLR capital calculation?

Option 2: Amending the 2015 RBC Rule to Include a Complex Credit Union Leverage Ratio (CCULR)

In 2019, federal banking agencies (FBAs) promulgated the Community Bank Leverage Ratio (CBLR ), an optional framework to the RBC requirements for depository institutions and depository institution holding companies that meet the following 5 criteria:

• A leverage ratio greater than 9%
• Total consolidated assets of less than $10 billion
• Total off-balance sheet exposures of 25% or less of its total consolidated assets;
• Trading assets plus trading liabilities of 5% or less of its total consolidated assets
• Not an advanced approaches banking organization

“Qualifying community banking organizations” meeting these 5 criteria that opt into the CBLR framework are considered to be in compliance with the FBAs applicable RBC and leverage capital requirements. In exchange, the qualifying banking organization must maintain a greater amount of capital than normally required to be deemed well capitalized. Qualifying community banking organizations may opt into or out of the CBLR framework at any time.

The banking framework includes a 2-mquarter grace period during which a qualifying community banking organization that temporarily fails to meet any of the qualifying criteria, including the greater than 9% leverage ratio requirement, will still be deemed well capitalized. However, the qualifying community banking organization must maintain a leverage ratio greater than 8%.

At the end of the grace period, the banking organization must meet all qualifying criteria to remain in the CBLR framework or otherwise must comply with and report under the generally applicable risk-based and leverage capital requirements. A banking organization that fails to maintain a leverage ratio greater than 8% will not be permitted to use the grace period and must comply with the generally applicable capital requirements and file the appropriate regulatory reports.

NCUA is considering developing the CCULR as a similar approach for credit unions. Complex credit unions meeting certain criteria and choosing to opt-into the approach would be relieved from the requirement of calculating a risk-based capital ratio as implemented by the 2015 rule. Rather, qualifying complex credit union would be required to maintain a higher net worth ratio than is otherwise required for the well-capitalized classification.

This is a similar trade-off to the one made by qualifying community banking organizations under the CBLR.

• Question #5: Should the NCUA capital framework be amended to adopt an “off-ramp” such as the CCULR to the risk-based capital requirements of the 2015 Final Rule?
• Question #6: The Board invites comment on the criteria for CCULR eligibility. Should the Board adopt the same qualifying criteria as established by the other banking agencies for the CBLR? In recommending qualifying criteria regarding a credit union’s risk profile, please 19 provide information on how the qualifying criteria should be considered in conjunction with the calibration of the CCULR level under question 7, below.
• Question #7: What assets and liabilities on a FICU’s Call Report should the Board consider in determining the net worth threshold? How should each of these items be weighted?
• Question #8: What are the advantages and disadvantages of using the net worth ratio as the measure of capital adequacy under the CCULR? Should NCUA consider alternative measures for the CCULR? For example, instead of the existing net worth definition, the CCULR could use the risk-based capital ratio numerator from the 2015 Final Rule, similar to the “Tier 1 Capital” measure used for banking institutions.
• Question #9: Should all complex credit unions be eligible for the CCULR, or should the Board limit eligibility to a subset of these credit unions? For example, the Board could consider limiting eligibility to the CCULR approach to only complex credit unions with less than $10 billion in total assets.
• Question #10: The Board invites comment on the procedures a qualifying complex credit union would use to opt into or out of the CCULR approach. What are commenters’ views on the frequency with which a qualifying complex credit union may opt into or out of the CCULR approach? What are the operational or other challenges associated with switching between frameworks?
• Question #11: What should be the treatment for a complex credit union that no longer meets the definition of a qualifying criteria after opting into the CCULR approach. Should NCUA consider requiring complex credit unions that no longer meet the qualifying criteria to begin to calculate their assets immediately according to the risk-based capital ratio? Should a grace period be provided? What other alternatives should NCUA consider with respect to a complex credit union that no longer meets the definition of a qualifying complex credit union and why? Is notification that a credit union will not meet the qualifying criteria necessary?

Summary: Proposed rule, Risk Based Net Worth – COVID 19 Relief; Complex credit union threshold (Part 702)

Prepared by NASCUS Legislative & Regulatory Affairs Department

February 2021

NCUA is proposing to raise the asset threshold for defining a credit union as “complex” for purposes of being subject to risk-based net worth (RBNW) requirement in § 702 of the NCUA’s regulations. The proposal would amend § 702 to apply the RBNW to FICUs with quarter-end assets that exceed $500 million.

The proposed rule may be read here. Comments are due to NCUA 30 days after publication.

Summary

Currently, the NCUA defines a credit union as complex and subject to the RBNW requirement only if the credit union has quarter-end assets that exceed $50 million and its risk-based net worth requirement exceeds 6%. NCUA has also issued rules to create a risk-based capital (RBC) requirement for larger complex credit unions with assets over $500 million which will become effective on January 1, 2022. However, until that effective date in 2022, the RBC rules still apply to credit unions with only $50 million in assets.

NCUA now proposes amending § 702.103 to raise the RBNW threshold to $500 million to match the RBC threshold. NCUA notes that even with the raised RBNW threshold, 81.6% of FICU assets would be classified as complex. In terms of relief, NCUA notes that increasing complexity threshold to $500 million would provide potential relief to 1,737 FICUs. In addition, there are 94 complex credit unions with assets totaling $66 billion which are required to hold capital above 7% to be well capitalized based on their risk-based net worth requirement. Of the 94 credit unions, 67 have assets less than $500 million and would no longer be required to hold more capital to remain well capitalized. This would allow those credit union redeploy their capital to assist their members.