NCUA Notice of Proposed Rulemaking Summary: Chartering and Field of Membership

Notice of Proposed Rulemaking and Request for Comment
NCUA: Chartering and Field of Membership

NASCUS Legislative and Regulatory Affairs Department

On February 28, 2023, the NCUA published a notice of proposed rulemaking that would amend its chartering and field of membership (FOM) rules. If finalized the proposal would provide amendments to:

  • Expand financial services to low- and moderate-income communities;
  • Expand membership eligibility to family members after the death of a member
  • Streamline requirements for community-based FOM applications and clarify procedures.

The proposed amendments result from the agency’s experience in addressing FOM issues relating to community charters and service to underserved areas, along with its study of FOM issues through the Board’s Advancing Communities through Credit, Education, Stability, and Support (ACCESS) initiative. Additionally, the Board is seeking feedback about several aspects of FOM issues for consideration with respect to future policy refinements.

Due to the scope and complexity of the proposed changes and additional issues presented for feedback, the Board has issued the proposal with a 90-day comment period.

The proposed rule can be found here. Comments are due May 30, 2023.

Summary

The proposed rule would make nine changes to the NCUA’s Chartering and Field of Membership Manual (Manual) to enhance consumer access to financial services while reducing duplicative or unnecessary paperwork and administrative requirements. The NCUA states the goal of the proposed changes is to eliminate unnecessary burdens while enhancing the agency’s focus on the core principles of credit union membership. The proposed changes cover underserved areas, community-based FOMs, and some more broadly applicable FOM provisions.

Underserved Area Additions

The Federal Credit Union Act (FCUA) currently permits only multiple common bond FCUs to add underserved areas to their FOM beyond the common bond requirements specified in the FCUA. [1]

Currently, if a multiple common bond FCU seeks to add an underserved area to its FOM as an investment area it must satisfy the CDFI Fund’s economic distress criteria.[2] Based on feedback from the industry surrounding these criteria and the requirements of the current Manual the NCUA Board is proposing four changes to the requirements that apply to multiple common bond FCUs that seek to serve underserved areas.

The proposed changes would accomplish the following:

  1. Clarify the Board’s intent to provide flexibility to multiple common bond FCUs serving underserved areas based on rural districts;
  2. Clarify how the NCUA applies the CDFI Fund’s economic distress criteria as the FCUA requires;
  3. Eliminate census block groups as a geographic unit for composing underserved areas, in adherence to a regulatory change that the CDFI Fund has adopted; and
  4. Simplify and reduce the burden for FCUs on the required statement of unmet needs that must accompany a request to serve an underserved area.

Community Charter Conversions and Expansions

The proposed rule would make three changes to reduce the regulatory burden for community charter applications or conversions. Specifically, the proposed rule would:

  1. Establish a simplified business and marketing plan for community charter applications;
  2. Provide a standardized, fillable application for community charter conversion or expansion requests; and
  3. Eliminate the requirement for Federally Insured State Chartered Credit Unions (FISCUs) applying to convert to a federal community charter to submit a business and marketing plan under certain conditions.

After studying the existing requirements and considering its “substantial experience in processing and reviewing various applications” the Board is proposing targeted relief in this area. The agency feels the changes would not undermine the goals that the plans serve and would instead reduce or eliminate paperwork requirements while “sharpening the agency’s focus on the substantive merits of each application.”

Simplified Business and Marketing Plan

Currently, credit unions are required to provide a description of the current and proposed office/branch structure, including a general description of the location(s), parking availability, public transportation availability, drive-through service, lobby capacity, or any other service feature illustrating community access.

Under the proposed rule, the credit union would be required to provide branch details including how many service facilities are in the area, whether the credit union participates in shared branching, the number of ATMs (owned and shared), any new branches planned, use of electronic delivery channels, and how the credit union will sign up low- and moderate-income individuals. By eliminating the need for providing granular details about the branch structure, the NCUA hopes to encourage applicants to spend more time determining how to best meet the evolving needs of their members and considering innovative service delivery channels like virtual banking.

Standardized Fillable Application for Community Charter Requests

The proposed rule would require the use of a fillable, standardized application for all community charter actions. The standardized application should better focus credit unions on critical requirements and ensure uniform NCUA reviews across applications. The use of the standardized application form should reduce the number of follow-up requests from the NCUA for additional information. The proposed form is available for review within the Regulations.gov docket for this notice of proposed rulemaking.

Requirements for Community-Based State-Chartered Credit Unions Converting to an FCU

The proposed rule would amend the Manual’s business and marketing plan requirements for FISCUs that already serve the community applying to become a federal community charter. In place of the plan’s current requirements,[3] the proposed rule would require a FISCU to submit a statement addressing the following topics:

  1. Does the existing community consist of a portion of a Core Based Statistical area or a Combined Statistical area? If so, please explain the credit union’s basis for selecting its service area.
  2. Describe products and services you offer or plan to offer to low- and moderate-income and underserved members.
  3. How will you market to the low-and moderate-income, and underserved (economically distressed) people, and those with unique needs, in the community?

This proposed change would NOT apply to single or multiple common bond FISCUs converting to an FCU community charter. These credit unions would have to submit a business and marketing plan. This change would also not apply to non-federally insured credit unions.

Groups Sharing a Common Bond with Community Areas

The Board is also proposing a targeted addition to the affinity groups eligible for membership in community-based FCUs. The manual currently defines an affinity as a relationship on which a community charter is based outlining four types of affinity groups eligible for membership in FCUs serving communities or rural districts, primarily persons who live, work, worship, or attend school in the community or rural district.[4]

To address the increasing trends in telecommuting and decentralized workspaces, the Board is proposing to add a fifth affinity to include a paid employee for a legal entity headquartered in the community, neighborhood, or rural district. The NCUA believes this proposed change will help FCUs adapt to serve everyone with ties to a community by providing employees access to a community credit union with which they have a bond through their employer, even if they do not physically work in the well-defined local community or rural district.

Eligibility of Immediate Family Members of Decedents

The NCUA is also proposing an update to the groups of persons who may join an FCU based on a common bond with its members or the FCU. Under the current options available for FCUs to enroll secondary members, immediate family or household members of decedents are not eligible for membership unless the person was a spouse of a person who died while within the field of membership of the credit union.

The proposal would amend the Manual to update the definition of secondary members for each common bond type to include every member of a decedent’s immediate family or household for a 6-month period following the decedent’s passing.

Updated References for Review of Prospective Management and Officials

Finally, the proposed rule would make a technical clarification and correction to the Manual provision regarding the agency’s evaluation and disapproval of directors and other management officials for applicants for NCUSIF coverage. The goal of the change is to reduce confusion for applicants and provide a clearer explanation of which authorities govern this review process.

Comments

The NCUA Board is seeking feedback on all elements of the proposed rule. Comments can be submitted electronically via regulations.gov or via the NCUA website: https://www.ncua.gov/​regulation-supervision/​rulemakings-proposals-comment. Following the instructions for submitting comments.

[1] 12 U.S.C. 1759(b)

[2] 12 CFR 1805.101

[3] 12 U.S.C. 1771; Manual, Chapter 4, Section II

[4] 12 U.S.C 1771; Manual, Chapter 2, Section V.A.1.

Summary re: CFPB Review/Request for Comment: Regulation Z Mortgage Loan Originator Rules Review Pursuant to the Regulatory Flexibility Act

12 CFR Part 1026

The Consumer Financial Protection Bureau (CFPB) issued a notice and request for comments regarding a review of Regulation Z’s Mortgage Loan Originator Rules pursuant to Section 610 of the Regulatory Flexibility Act.

Comments must be received by May 1, 2023, and the notice can be found here.

Summary:

Regulation Z, implements the Truth in Lending Act, among other things, imposes certain requirements on: loan originator compensation; qualification of; and registration or licensing of, loan originators; compliance procedures for depository institutions; mandatory arbitration; and the financing of single premium credit insurance.  As part of the review, the Bureau is seeking comment on the economic impact of the loan originator rules on small entities. These comments may assist the Bureau in determining whether the loan originator rules should be continued without change or amended or rescinded to minimize any significant economic impact of the rules upon a substantial number of such small entities, consistent with the stated objectives of applicable Federal statutes.

Section 610 provides that the purpose of the review is to determine whether such rules should be continued without change, or should be amended or rescinded, consistent with the stated objectives of applicable statutes, to minimize any significant economic impact of the rules upon a substantial number of such small entities. In each review, agencies must consider several factors:

  • The continued need for the rule;
  • The nature of public complaints or comments on the rule;
  • The complexity of the rule;
  • The extent to which the rule overlaps, duplicates, or conflicts with Federal, State, or other rules; and
  • The time since the rule was evaluated or the degree to which technology, market conditions, or other factors have changed the relevant market.

Request for Comment:

The Bureau asks the public to comment on the impact of Regulation Z’s Mortgage Loan Originator Rules on small entities by reviewing the following factors.  Where possible, please submit detailed comments, data, and other information to support any submitted positions.

  • The continued need for the Rules based on the stated objectives of applicable statutes and the Rules;
  • The complexity of the Rules;
  • The extent to which the Rules overlap, duplicate or conflict with other Federal rules, and, to the extent feasible, with State and local governmental rules;
  • The degree to which technology, market conditions, or other factors have changed the relevant market since the rule was evaluated, including:
  • How the impacts of the Rules as a whole, and of major components or provisions of the Rules, may differ by origination channel, product type, or other market segment;
  • The current scale of the economic impacts of the Rules as a whole, and of major components or provisions of the Rules, on small entities; and
  • Other current information relevant to the factors that the Bureau considers in completing a Section 610 review under the RFA, as described above.
NCUA Final Rule Summary: Cyber Incident Notification Requirements for Federally Insured Credit Unions

NASCUS Legislative and Regulatory Affairs Department
March 7, 2023

At the February 16, 2023, meeting, the NCUA Board approved a final rule amending Part 748 of its regulations to require federally insured credit unions (FICUs) to report an incident to NCUA as soon as possible, but no later than 72 hours after a FICU reasonably believes it has experienced a reportable cyber incident. The notification requirement is intended to be an “early alert” to the NCUA and will not require a FICU to provide a detailed incident assessment within the 72-hour time frame.

The effective date of the final rule is September 1, 2023. The final rule can be found here.

Summary

Background

In July 2022, the Board approved a proposed rule that would require a FICU to notify NCUA of a cyber incident that rises to the level of a reportable cyber incident. The proposed rule would require this notification as soon as possible but no later than 72 hours after a FICU reasonably believes that a reportable cyber incident has occurred.

Shortly before the Board issued the proposed rule, Congress enacted the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (Cyber Incident Reporting Act), requiring covered entities to report covered cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) not later than 72 hours after the entity reasonably believes that a covered cyber incident has occurred.

While CISA has until 2025 to publish its final rule, the NCUA Board believed “it would be imprudent in light of the increasing frequency and severity of cyber incidents to postpone a notification requirement until after CISA promulgates a final rule.” The Board intends to coordinate with CISA on any future credit union cyber incident reporting to avoid duplicate reporting to both NCUA and CISA.

Final Rule

Definition – Reportable Cyber Incident

The final rule defines a “reportable cyber incident” as any substantial cyber incident that leads to one or more of the following:

  • A substantial loss of confidentiality, integrity, or availability of a network or member information system that results from the unauthorized access to or exposure of sensitive data, disrupts vital member services, or has a serious impact on the safety and resiliency of operational systems and processes.
  • A disruption of business operations, vital member services, or a member information system resulting from a cyberattack or exploitation of vulnerabilities.
  • A disruption of business operations or unauthorized access to sensitive data facilitated through, or caused by, a compromise of a credit union service organization, cloud service provider, or other third-party data hosting provider or by a supply chain compromise.

A “reportable cyber incident” does not include any event where the cyber incident is performed in good faith by an entity in response to a specific request by the owner or operators of the system. For example, contracting with a third-party to conduct penetration testing or e-mail spoofing testing.

Reporting Process

If a reportable cyber incident occurs, Part 748 will now require FICUs to notify the “appropriate NCUA-designated point of contact of the occurrence via email, telephone, or other similar methods that the NCUA may prescribe. NCUA must receive this notification as soon as possible but no later than 72 hours after a FICU reasonably believes that it has experienced a reportable cyber incident, or within 72 hours of being notified by a third-party with whom the credit union has a contractual relationship with, whichever is sooner.

NCUA has indicated additional information will be issued prior to the September 1, 2023, effective date, including more detailed reporting guidance. NCUA also intends to coordinate with state regulators as much as possible.

NASCUS will provide updates as additional information becomes available.

NCUA Letter 23-CU-02 Summary
Expansion of Permissible CUSO Activities and Associated risks

NASCUS Legislative and Regulatory Affairs Department
February 7, 2023

Summary

On November 26, 2021, a final rule amending NCUA Regulation Part 712 – Credit Union Service Organizations (CUSOs)[1] became effective. NASCUS’ summary of the NCUA rule[2] outlines its expansion of the list of permissible activities and services for CUSOs.  The expanded list includes the origination of any type of loan that a Federal Credit Union (FCU) may originate and grants NCUA additional flexibility to approve permissible activities and services.

NCUA Letter 23-CU-02 reminds the industry of published guidance that broadly outlines the responsibility of a credit union to address primary related risks with CUSO relationships, including the various ways the relationship between the CUSO and credit union impacts the risk profile and to ensure consumer financial protection risks from CUSO originated loans are properly addressed.

NCUA guidance published includes:

  • The CUSO provisions of the NCUA Examiners Guide[3];
  • The CUSO Activities portion of the NCUA’s website[4]; and
  • NCUA Rules and Regulations Part 712.5[5] outlining preapproved activities and services for CUSOs.

The relevant guidance found in the NCUA Examiner’s Guide outlines the statutory definition of a CUSO, the impact of CUSO to credit union relationships, investment, and loan limitations, maintenance of entity legal separation, authorized CUSO services, the CUSO registry, associated primary risks, the impact on earnings and net worth of the credit union, appropriate risk management practices and CUSO review procedures.

The CUSO Activities portion on the NCUA website outlines the approval process for requesting additional preapproved CUSO activities that, once approved, will be added to the webpage to authorize any CUSO which desires to engage in those activities with no further NCUA approval necessary.  Currently, no “newly authorized activities” are listed outside those found within Part 712.5.

[1] Available at www.govinfo.gov/content/pkg/FR-2021-10-27/pdf/2021-23322.pdf

[2] Available at https://www.nascus.org/summaries/final-rule-summary-fcu-cusos/

[3] Available at https://publishedguides.ncua.gov/examiner/Content/ExaminersGuide/CUSOs/IntroCUSO.htm

[4] Available at https://www.ncua.gov/regulation-supervision/cuso-activities

[5] Available at https://www.ecfr.gov/current/title-12/chapter-VII/subchapter-A/part-712/section-712.5

NCUA Risk Alert: 23-RA-01 Change to HMDA’s Closed-End Loan Reporting Threshold

 NASCUS Legislative and Regulatory Affairs Department
February 3, 2023

On February 2, 2023, the NCUA Board issued Risk Alert 23-RA-01. The alert addresses a September 23, 2022, order issued by the U.S. District Court for the District of Columbia that vacated a portion of the CFPB’s 2020 HMDA Final Rule that had established a reporting threshold of 100 closed-end mortgage loans.

The decision by the court reverts the threshold for reporting data on closed-end mortgage loans to 25 loans in each of the two preceding calendar years, the threshold previously established by the 2015 HMDA Final Rule.

The NCUA states they recognize credit unions affected by this change may need time to implement or adjust policies, procedures, systems, and operations to achieve compliance with the reporting requirements. Therefore, the NCUA intends to take a flexible supervisory and enforcement approach, similar to that of the CFPB, and not issue enforcement actions or citations for closed-end mortgage loan data collected in 2020, 2021, or 2022. Credit unions can find additional information on HMDA reporting requirements here, including a Reference Chart for HMDA Data Collected in 2022.

Summary re: CFPB Request for Information Regarding Consumer Credit Card Market 

Docket No. CFPB-2023-0009

Section 502(a) of the Credit Card Accountability Responsibility and Disclosure Act of 2009 (CARD Act or Act) requires the Consumer Financial Protection Bureau (CFPB) to conduct a review of the consumer credit card market, within limits of its existing resources available for reporting purposes.  In connection with conducting that review, and in accordance with Section 502(a) of the Act, the CFPB is soliciting information from the public about a number of aspects of the consumer credit card market.

Comments must be received no later than April 24, 2023.  The RFI can be accessed here.

Summary:

The CARD Act was signed into law in May 2009.  The Act was intended to “establish fair and transparent practices related to the extension of credit” in the credit card market. 

Section 502(a) of the CARD act requires the CFPB to conduct a review, within the limits of its existing resources available for reporting purposes, of the consumer credit market every two years.  The CFPB published its last review in September 2021. To inform its next review, the CFPB invites members of the public, including consumers, credit card issuers, industry analysts, consumer groups and other interested parties to submit information and other comments relevant to the questions posed as well as any additional information they believe is relevant to a review of the credit card market.

The CFPB seeks information from members of the public about how the credit card market is functioning. Specifically, the CFPB seeks comments on the experiences of consumers and credit card issuers in the credit card market as well as the overall health of the market.  The Bureau is seeking responses to the specific questions listed below but welcomes commenters to provide any additional information they believe is relevant.

Terms of credit card agreements and the practices of credit card issuers:

  • How have the substantive terms and conditions of credit card agreements or the length and complexity of such agreements changed over the past two years?
  • How have issuers changed their pricing, marketing, underwriting, or other practices?
  • How are the terms of, and practices related to, major supplementary credit card features (such as credit card rewards, deferred interest promotions, balanced transfers, and cash advances) evolving? What are the terms of, practices related to, and prevalence of emerging supplementary credit card features (such as credit card installment plans)?
  • How have issuers’ marketing practices changed since the CFPB reported on the credit card market in 2021? Has this impacted consumers’ ability to comparison shop? If so, in what ways?
  • What practices of credit card issuers may uniquely affect special populations (such as servicemembers and their dependents, low and moderate-income consumers, old Americans, and students)? What are the effects of protections specific to special populations (for example, the Servicemembers Civil Relief Act or the Military Lending Act)? How are these changing and what, if any, trends are evolving?
  • How have practices related to collecting on delinquent and charged-off credit card debt changed over the past two years?
  • Has the use of electronic communication (e.g., email or SMS) by creditors and debt collectors in connection with credit card debt grown or otherwise evolved? If so, in what ways?
  • How are the terms of, and practices related to, partnerships between credit card issuers and merchant partners (such as hospitality, airline, healthcare, and/or retail companies) evolving?

The effectiveness of disclosure of terms, fees, and other expenses of credit card plans 

  • How effective are current disclosures of rates, fees, and other cost terms of credit card accounts in conveying to consumers the costs of credit card plans?
  • What further improvements in disclosure, if any, would benefit consumers and what costs would card issuers or others incur in providing such disclosures?
  • How well are current credit card disclosure rules and practices adapted to the digital environment? What adaptations to credit card disclosure regimes in the digital environment would better serve consumers or reduce industry compliance burden?

The adequacy of protections against unfair, deceptive, or abusive acts and practices relating to credit cards plans 

  • What unfair, deceptive, or abusive acts and practices exist in the credit card market? How prevalent are those acts and practices and what effect do they have? With regard to any unfair, deceptive, or abusive acts and practices that exist in the credit card market, how might any such conduct be prevented and at what cost?

The cost and availability of consumer credit cards

  • How have the cost and availability of consumer credit cards (including with respect to non-prime borrowers) changed since the CFPB reported on the credit card market in 2021?
  • What is responsible for changes (or absence of changes) in cost and availability? Has the impact of the CARD Act on cost and availability changed over the past two years?
  • How, if at all, are the characteristics of consumers with lower credit scores changing? How are groups of consumers in different score tiers faring in the market? How do other factors relating to consumer demographics or financial lives affect consumers’ ability to successfully obtain and use credit cards?

The safety and soundness of credit card issuers

  • What, if any, safety and soundness risks related to the credit cycle are present or growing in this market, and which entities are disproportionately affected by these risks? Has the impact of the CARD Act on safety and soundness changed over the past two years?
  • How have current dynamics related to funding sources (such as asset-backed securities or deposits) for credit card receivables affected issuers’ profitability and lending operations?
  • What changes, if any, in capital markets for credit cards have there been since the last biennial report? How do capital requirements for different types of institutions affect competition in the credit card market or consumer’s access to and cost of credit? How might these trends positively or negatively impact consumers?

The use of risk-based pricing for consumer credit cards

  • How has the use of risk-based pricing for consumer credit cards changed since the CFPB reported on the credit card market in 2021? What has driven those changes or lack of changes? Has the impact of the CARD Act on risk-based pricing changed over the past two years?
  • How have CARD Act provisions relating to risk-based pricing impacted (positively or negatively) the evolution of practices in this market?

Consumer credit card product innovation and competition

  • How has credit card product innovation changed since the CFPB reported on the credit market in 2021? What has driven those changes or lack of changes? Has the impact of the CARD Act on product innovation changed over the past two years?
  • How is the competition in the credit card market changing? How has the CARD Act (positively or negatively) impacted competition between credit card issuers? How, if at all, do these changes and impacts relate to the cost or availability of consumer credit cards?
  • What barriers to entry, if any, exist in the consumer credit market? What obstacles may smaller financial institutions face when launching a credit card product? How are these impediments changing and what, if any, trends are evolving? To what extent are financial institutions adopting “credit card-as-a-service” offerings? How might these changes affect competition, promote innovation, or introduce risk, if at all?
  • How have broader innovations in finance, such as (but not limited to) new products and entrants offering unique features (like rewards redemption for cryptocurrency, environmental causes, and other categories beyond cash-back or points), evolving digital tools, greater availability of and new applications for consumer data, and new technological tools (like machine learning), impacted the consumer credit card market, either directly or indirectly? In what ways do CARD Act provisions encourage or discourage innovation? In what ways do innovations increase or decrease the impact of certain CARD Act provisions, or change the nature of those impacts?
  • How do innovations by firms offering other consumer financial products and services (such as buy-now-pay-later credit, mobile payments, or non-card point-of-sale loans) compete with credit cards, and to what extent do consumers view them as effective alternatives to or substitutes for credit cards?

The Consumer Financial Protection Bureau issued a circular that asked if “persons” that engage in negative option marketing practices violate the prohibition on unfair, deceptive, or abusive acts or practices in the Consumer Financial Protection Act (CFPA).

The circular was issued on January 19, 2023 and can be accessed here.

Summary

The Bureau answered the question affirmatively and noted the circular was issued to reiterate that covered persons and service providers who engage in negative option marketing are required to comply with the Consumer Financial Protection Act (CFPA)’s prohibition on unfair, deceptive, and abusive acts or practices.

The Bureau further emphasizes that its approach to negative option marketing is generally in alignment with the FTC’s approach to Section 5 of the FTC Act as set forth in its recent policy statement.  According to the circular, the phrase “negative option” refers to a term or condition under which a seller may interpret a consumer’s silence, failure to take an affirmative action to reject a product or service, or failure to cancel an agreement as acceptance or continued acceptance of the offer.  The circular notes that negative option programs can cause harm to consumers who do not wish to receive the products/services for which they are charged.  Harm is “most likely to occur when sellers mislead consumers about terms and conditions, fail to obtain consumers’ informed consent or make it difficult to consumers to cancel.”

The Bureau notes that a seller offering a negative option program risks violating the law if the seller (i) misrepresents or fails to clearly and conspicuously disclose the material terms of a negative option program; (ii) fails to obtain consumers’ informed consent; (iii) misleads consumers who want to cancel, erects unreasonable barriers to cancellation, or fails to honor cancellation requests that comply with its promised cancellation procedures.

Failure to Disclose

Sellers may violate the CFPA’s prohibition on deceptive acts or practices if they misrepresent or fail to clearly and conspicuously disclose the material terms of an offer for a product/service with a negative option feature.  Under the CFPA, a representation or omission is deceptive if it is likely to mislead a reasonable consumer and is material.  A “material” representation or omission “involves information that is important to consumers and, hence is likely to affect their choice of, or conduct regarding, a product.”

Consent

Sellers engaged in negative option marketing would likely violate the CFPA where they fail to obtain the consumer’s informed consent before charging the consumer.  Consent will generally not be informed if, for example, a seller mischaracterizes or conceals the negative option feature, provides contradictory or misleading information, or otherwise interferes with the consumer’s understanding of the agreement.

Enforcement

The Bureau has used its authority under the CFPA’s UDAAP provisions to halt a variety of harmful negative option practices.  The Bureau has also relied on other Federal consumer financial laws (such as the Electronic Fund Transfer Act (EFTA) and Regulation E) that it enforces to address certain harmful negative option marketing practices.

Letter to Credit Unions 23-CU-01
NCUA’s 2023 Supervisory Priorities

NASCUS Legislative and Regulatory Affairs Department
January 19, 2023

On January 18, the NCUA issued Letter to Credit Unions 23-CU-01 outlining the agency’s Supervisory Priorities for 2023. The letter also includes updates to the agency’s examination program for 2023. Not unexpectedly the letter indicates the agency’s focus will be on the areas posing the highest risk to credit union members, the credit union industry, and, the National Credit Union Share Insurance Fund (NCUSIF). The letter also includes links to various NCUA resources applicable to each area of supervisory focus.

NCUA will continue a hybrid examination posture in which examiners will be both onsite and offsite, as appropriate with some examination activity remaining offsite as long as it can be completed “efficiently and effectively at credit unions that can accommodate offsite work.  The extended examination cycle for certain credit unions will also continue in 2023. Eligibility criteria for an extended exam cycle can be found here. NCUA will also continue its Small Credit Union Exam Program in most federal credit unions with assets under $50 million.

Summary

NCUA has indicated the following areas of supervisory focus for 2023.

Interest Rate Risk

As to be expected Interest Rate Risk (IRR) is at the top of the list. Due to the significant rise in interest rates in 2022 and the addition of the Sensitivity “S” component to the CAMELS rating system, NCUA has formalized a focus on IRR as a specific rating category, separate from liquidity risk. Examiners will be reviewing credit unions’ IRR program for the following risk management and controls:

  • Key assumptions and related data sets are reasonable and well-documented.
  • The credit union’s overall level of IRR exposure is properly measured and controlled.
  • Results are communicated to decision-makers and the board of directors.
  • Proactive action is taken to remain within safe and sound policy limits.

Liquidity Risk 

Higher interest rates and the significant increase in share balances from 2020 – 2022. Because of these and other factors, examiners will evaluate the adequacy of a credit union’s liquidity risk management framework relative to the size, complexity, and risk profile of the credit union as well as evaluation of the following:

  • The potential effects of changing interest rates on the market value of assets and borrowing capacity.
  • Scenario analysis for liquidity risk modeling.
  • Scenario analysis for changes in cash flow projections for an appropriate range of relevant factors.
  • The appropriateness of contingency funding plans to address any unexpected liquidity shortfalls.

Credit Risk

Due to high inflation and rising interest rates putting financial pressure on credit union members credit risk is a priority for 2023.  Examiners will review:

  • The soundness of existing lending programs;
  • Adjustments a credit union has made to loan underwriting standards; and
  • Portfolio monitoring practices and loan workout strategies for borrowers facing financial hardship.

Examiners will consider all factors in evaluating credit unions’ efforts to provide relief to borrowers, including whether the efforts were reasonable and conducted with proper controls and management oversight.

Fraud Prevention and Detection

The NCUA remains concerned with fraud risks, particularly given the remote posture of examinations since 2020.  Due to this concern, NCUA will continue efforts to review internal controls and separation of duties. New for 2023, the agency will be implementing a management questionnaire designed to enhance the identification of fraud red flags, material supervisory concerns, or other potential new risks to which a credit union may be exposed.

The questionnaire will be sent to credit unions as part of the pre-examination planning stage for ALL full-scope exams along with the Items Needed List. This will also be included in joint exams with State Supervisory Authorities (SSAs).  Credit unions will only need to complete one questionnaire per examination. If an SSA uses a similar questionnaire NCUA indicates the federal and state examiners will coordinate to decide which questionnaire will be completed.  The questionnaire will be sent through MERIT’s survey function, completed by the credit union CEO or senior executive, and returned through the survey function.  The scope of the examination may be refined based on the responses received.

Information Security (Cybersecurity)

Cybersecurity remains an examination priority for the NCUA. Examiners will be evaluating whether credit unions have established adequate information security programs to protect members and the credit union. The agency has developed and tested updated Information Security Examination procedures tailored to credit unions of varying size and complexity.

Credit unions are encouraged to utilize the Automated Cybersecurity Evaluation Toolbox in preparation for examinations.

Consumer Financial Protection

The agency will continue to review compliance with applicable consumer financial protection laws and regulations for federal credit unions that the NCUA has under its consumer financial protection supervisory authority. Examiners will review credit unions for compliance with:

  • Flood Disaster Protection Act including disclosure requirements, as the agency continues to evolve its understanding of the impact of climate-related financial risks on the industry and the NCUSIF;
  • Overdraft programs, including a review of how these programs are advertised, how account balances are calculated, and transaction settlement;
  • Fair lending, including the review of residential real estate appraisals for any bias, and review of policy and procedures with a focus on steering and possible price discrimination;
  • The Truth in Lending Act, specifically disclosures for auto loans for credit unions that have experienced high auto loan growth in the past year;
  • The Fair Credit Reporting Act, specifically accuracy in data reported, risk-based pricing, and consumer rights disclosures.

Other Updates

Current Expected Credit Loss Implementation

Examiners will evaluate the adequacy of credit union Allowance for Credit Losses (ACL) on loans and leases by reviewing:

  • ACL policies and procedures;
  • Documentation of ACL reservation methodology
  • Adherence to Generally Accepted Accounting Principles (GAAP) (if applicable).

Federally Insured State Chartered Credit Unions (FISCUs) should refer to state law on GAAP requirements and CECL standard applicability (those requirements may be more restrictive).

Succession Planning

In 2023 examiners will be requesting information about a credit union’s approach to succession planning for executive leadership, including written succession plans. The plans will not be considered beyond the current process in assigning the Management “M” component of the CAMELS rating and no Examiner’s Findings or Document of Resolution will be issued if the credit union has not conducted succession planning or the planning is not adequate unless the credit union is in violation of its own policy.

Support for Small and Minority Depository Institutions

The NCUA is committed to continuing its support of Small and Minority Depository Institutions (MDIs) through its support program. The program focuses on providing training and guidance to these institutions and their leadership. The agency expects the program benefits to also include:

  • Greater awareness of the unique needs of small credit unions and MDIs and their role in serving underserved communities.
  • Expanded opportunities for these credit unions to receive support through NCUA grants, training, and other initiatives.
  • Furthering partnerships with organizations and industry mentors that can support small credit unions and MDIs.

The NCUA has also developed MDI-specific exam procedures to assist examiners in their supervision of MDIs.

Post-Examination Survey

The NCUA will continue to gather feedback on examinations through the post-examination survey process. Also of note, federal credit unions may record their exam exit meetings provided they comply with applicable laws and regulations for recording and provide a copy of the recording to the NCUA. These recordings can be useful to both credit unions and the NCUA. NCUA examiners will agree to the recording of the exam exit meetings, and the NCUA will monitor how often exam exit meetings are recorded.

Final Rule Summary
Federal Reserve: Regulation D – Reserve Requirements of Depository Institutions

NASCUS Legislative and Regulatory Affairs Department
January 17, 2023

The Board of Governors of the Federal Reserve System (Board) has adopted final amendments to Regulation D (Part 204) revising the rate of interest paid on balances (IORB) maintained at Federal Reserve Banks by or on behalf of eligible institutions[1]. The IORB is now 4.40 percent, a 0.50 percentage point increase from the prior level. The final rule states the amendment is intended to “enhance the role of IORB in maintaining the federal funds rate in the target range established by the Federal Open Market Committee (FOMC).

The amendment took effect on January 13, 2023.

Summary

On December 14, 2022, the Board voted unanimously to raise the interest rate paid on balances to 4.40 percent as a result the Board is amending §204.10(b)(1) of Regulation D to establish the new rate.

Section 19 of the Federal Reserve Act[2] imposes reserve requirements on certain types of deposits and other liabilities of depository institutions. Regulation D implements Section 19 and requires that a depository institution meet reserve requirements by holding cash in its vault or by maintaining a balance in an account at a Federal Reserve Bank.[3] Section 19 also provides balances maintained by eligible institutions in an account at a Federal Reserve Bank are eligible to receive earnings on balances held. Finally, Section 19 permits the Board may prescribe regulations concerning the payment of earnings on these balances. Prior to this latest amendment, the IORB was 3.90 percent.

The amendment to the IORB was not subject to notice and comment under the Administrative Procedures Act[4], as the Board determined that good cause existed for finding that a notice, public comment, and delayed effective date provisions were unnecessary, impracticable, or contrary to public interest.

The final rule indicates that the rate change for IORB was made to accommodate commerce and business and “with regard to their bearing upon the general credit situation of the country.”  The Board determined that notice, public comment, and a delayed effective date would “create uncertainty about the finality and effectiveness of the Board’s action and undermine the effectiveness of that action.”

[1] 12 CFR 204.1(c)(1)(i-v)

[2] 12 U.S.C. 461(b)

[3] 12 CFR 204.5(a)(1)

[4] 12 U.S.C. 551

Notice of Proposed Rulemaking and Request for Comment
FinCEN: Beneficial Ownership Information Access and Safeguards, and Use of FinCEN Identifiers for Entities

NASCUS Legislative and Regulatory Affairs Department
January 13, 2023

On December 16, 2022, FinCEN issued a notice of proposed rulemaking (NPRM) and request for comment and an accompanying Fact Sheet regarding access by authorized recipients to beneficial ownership information (BOI) that will be reported to FinCEN pursuant to Section 6403 of the Corporate Transparency Act (CTA)[1], enacted under the Anti-Money Laundering Act of 2020 (AML Act).  This proposed rule is the second rulemaking under the CTA addressing BOI and would implement protocols on security and confidentiality required by the CTA in order to protect personally identifiable information (PII) reported to FinCEN as required under the BOI final rule. NASCUS summary of the BOI final rule can be found here.

The NPRM explains the circumstances in which specific recipients (financial institutions for example) would have access to BOI and outlines data protection protocols and oversight mechanisms applicable to each category of those who will have access to BOI. The NPRM will also specify when and how reporting companies can use FinCEN identifiers to report the BOI of entities.

The intent of the proposed regulation is to ensure:

  1. Only authorized users have access to BOI;
  2. Authorized access only for purposes permitted by the CTA; and
  3. Authorized users only re-disclose BOI in ways that balance protection of the security and confidentiality of the BOI with furtherance of the CTA’s objective of making BOI available for purposes specified in the CTA.

The proposed rule and request for comment can be found here.

Comments are due on or before February 14, 2023

Summary

The CTA imposes strict confidentiality on the storage, access, and use of BOI, restricting FinCEN disclosure to a statutorily defined group of governmental authorities and financial institutions under limited circumstances. It further defines that such information is to be maintained in a secure, nonpublic database.

The CTA authorizes five categories of “recipients” (users) who may receive BOI from FinCEN.

  1. Federal, State, local, and Tribal government agencies.
    • Agencies engaged in national security, intelligence, or law enforcement activity.
    • Federal agency access is “activity-based” meaning a Federal functional regulator may be engaged in “law enforcement activity” and therefore still request BOI from FinCEN
    • State, local, and Tribal law enforcement agencies may also obtain BOI, if “a court of competent jurisdiction” has authorized the agency to seek the information.
  2. Foreign law enforcement agencies, judges, prosecutors, central authorities, and competent authorities.
    • Requests must come through an intermediary Federal agency.
    • Must meet certain criteria and are made under;
      • An international treaty, agreement, or convention
      • Via a request made by law enforcement, judicial, or prosecutorial authority in a trusted foreign country.
  3. Financial Institutions (FI) using BOI to facilitate compliance with Customer Due Diligence (CDD) requirements under applicable law.
    • FI requesting the BOI has the reporting company’s consent for such disclosure.
  4. Federal functional regulators and other appropriate regulatory agencies acting in a supervisory capacity assessing FIs for compliance with CDD.
    • These agencies may access the BOI that the FIs they supervise received from FinCEN.
  5. U.S. Department of Treasury
    • CTA provides “unique” access to BOI tied to an officer or employee’s official duties requiring BOI inspection or disclosure, particularly tax information.

Access Capabilities

Access by Federal, State, and local Tribal government agencies:

FinCEN expects three types of domestic agency users to be able to access and query the beneficial ownership IT system directly: (1) Federal agencies engaged in national security, intelligence, and law enforcement activity; (2) Treasury officers and employees who require access to BOI to perform their official duties or for tax administration; and (3) State, local, and Tribal law enforcement agencies. This access would permit authorized individuals within an authorized “recipient” agency to log in, run queries using multiple search fields, and review results returned immediately.  These agencies will be required to submit a justification to FinCEN for the respective searches and would be subject to FinCEN oversight and audit.

State, local, and Tribal law enforcement would be required to upload court documents authorizing the search for FinCEN’s review and approval. As part of the IT system protocols, each agency would need to enter into a memorandum of understanding (MOU) with FinCEN before being allowed access to the system.

The remaining authorized “recipient” categories will NOT have access to the broad search capabilities discussed above.

Access by Financial Institutions and Regulatory Agencies for CDD Compliance

Financial institutions and their regulators (Federal functional regulators and other appropriate regulatory agencies, when assessing FI’s compliance with CDD requirements) would both have direct access to BOI contained in the beneficial ownership IT system. However, it would be more limited than that of federal agencies and others as previously discussed.

Financial Institutions

The CTA permits FinCEN to only disclose a reporting company’s BOI to an FI if the disclosure facilitates the FI’s compliance with CDD requirements and only if the reporting company has provided consent prior to accessing the information.

FinCEN is not planning to permit FIs to run broad or open-ended searches in the beneficial ownership IT system or receive multiple search results. Instead, FinCEN anticipates, with the consent of the reporting company, that an FI would submit identifying information specific to the reporting company and receive an electronic transcript with the entity’s BOI.  FinCEN does not want to open greater search capabilities and access due to the potential number of FIs requesting BOI on a reporting company.

Additionally, FIs would be permitted to only search the consenting entity customer and not individual beneficial owners.

Under the proposed rule, an FI would be responsible for obtaining the reporting company’s consent to access their BOI information in the IT system. Additionally, the proposal would define “customer due diligence under applicable law” to mean FinCEN’s CDD regulations, requiring FIs to identify and verify beneficial owners of legal entity customers. Of particular note, the proposed rule would NOT permit FIs to request BOI access for other BSA compliance purposes, such as compliance with relation to Customer (Member) Identification (CIP) requirements. Additionally, this limitation would mean that many FIs subject to the Bank Secrecy Act but not subject to the CDD, such as money service businesses (MSBs), would not have access to the BOI database.

Request for comment

FinCEN believes this approach will be easier to administer, however, they are seeking comments specifically as to whether a broader reading of the phrase “customer due diligence requirements” is warranted under the framework of the CTA, and, if so, how customer due diligence requirements should be defined in order to provide regulatory clarity, protect the security and confidentiality of BOI, and minimize the risk of abuse.

Regulators

Similar access limitations are permitted for Federal functional regulators and other appropriate supervisory agencies. Federal and state agencies may request BOI from FinCEN that the FIs they supervise have already obtained. The information may only be requested for assessing an FI’s compliance with CDD requirements under applicable law.

FinCEN is still developing this access model but expects regulators to be able to retrieve any BOI that their supervised institutions received from FinCEN during a particular period, as opposed to data that might reflect subsequent updates. Therefore, regulators would receive the same BOI that FIs received for purposes of their CDD reviews.

FinCEN also expects that Federal functional regulators responsible for bringing civil enforcement actions also will be able to obtain BOI under “activity-based” access. The NPRM proposes that an agency that is not traditionally understood as a “law enforcement” agency, such as a Federal functional regulator (e.g., NCUA), may receive BOI because “law enforcement activity” may encompass civil law enforcement by the agency, including civil forfeiture and administrative proceedings.

Verification of Beneficial Ownership Information

The proposed rule indicates that FinCEN “continues to evaluate options for verifying reported BOI.”  “Verification” means confirming that the reported BOI submitted to FinCEN is accurately associated with a particular individual, creating doubt for FIs and regulators about they ability to rely upon the information in the system.

Request for Comment

FinCEN is seeking feedback on 30 specific requests for comment under six subheadings.

  • Understanding the Rule
  • Disclosure of Information
  • Use of Information
  • Security and Confidentiality Requirements
  • Outreach
  • FinCEN Identifiers

The complete list of specific comments can be found on page 77425 of the NPRM found here.

Of particular note under the subheading of “Disclosure of Information” FinCEN is seeking comments on the following:

(7) FinCEN requests comments discussing how State, local, and Tribal law enforcement agencies are authorized by courts to seek information in criminal and civil investigations. Among the particular issues that FinCEN is interested in are: how State, local, and Tribal authorities gather evidence in criminal and civil cases; what role a court plays in each of these mechanisms, and whether in the commenter’s opinion it rises to the level of court “authorization”; what role court officers (holders of specific offices, not attorneys as general-purpose officers of the court) play in these mechanisms; how grand jury subpoenas are issued and how the court officers issuing them are “authorized” by a court; whether courts of competent jurisdiction, or officers thereof, regularly authorize subpoenas or other investigative steps via court order; and whether there are any evidence-gathering mechanisms through which State, local, or Tribal law enforcement agencies should be able to request BOI from FinCEN, but that do not require any kind of court?

(11) FinCEN proposes that FIs be required to obtain the reporting company’s consent in order to request the reporting company’s BOI from FinCEN. FinCEN invites commenters to indicate what barriers or challenges FIs may face in fulfilling such a requirement, as well as any other considerations.

(12) FinCEN proposes to define “customer due diligence requirements under applicable law” to mean the bureau’s 2016 CDD Rule, as it may be amended or superseded pursuant to the AML Act. The 2016 CDD Rule requires FIs to identify and verify beneficial owners of legal entity customers. Should FinCEN expressly define “customer due diligence requirements under applicable law” as a larger category of requirements that includes more than identifying and verifying beneficial owners of legal entity customers? If so, what other requirements should the phrase encompass? How should the broader definition be worded? It appears to FinCEN that the consequences of a broader definition of this phrase would include making BOI available to more FIs for a wider range of specific compliance purposes, possibly making BOI available to more regulatory agencies for a wider range of specific examination and oversight purposes and putting greater pressure on the demand for the security and confidentiality of BOI. How does the new balance of those consequences created by a broader definition fulfill the purpose of the CTA?

(13) If FinCEN wants to limit the phrase “customer due diligence requirements under applicable law” to apply only to requirements like those imposed under its 2016 CDD Rule related to FIs identifying and verifying beneficial owners of legal entity customers, are there any other comparable requirements under Federal, State, local, or Tribal law? If so, please specifically identify these requirements and the regulatory bodies that supervise for compliance with or enforce them.

(14) Are there any State, local, or Tribal government agencies that supervise FIs for compliance with FinCEN’s 2016 CDD Rule? If so, please identify them.

Also, of particular note under the category of “Use of Information” FinCEN is seeking comment on:

(19) Could a State regulatory agency qualify as a “State, local, or Tribal law enforcement agency” under the definition in proposed 31 CFR 1010.955(b)(2)(ii)? If so, please describe the investigation or enforcement activities involving potential civil or criminal violations of law that such agencies may undertake that would require access to BOI.

NASCUS would also like feedback on a handful of other items not specifically addressed in the NPRM including whether an FI is obligated to access the BOI database for purposes of CDD Rule compliance, or may it choose to do so and what an FI should do if there is a discrepancy between the BOI it received from an entity customer under the CDD Rule and the BOI it receives from FinCEN under the CTA?

[1] 31 U.S.C. 5336

Federal Reserve/FDIC/OCC
Joint Statement on Crypto-Asset Risks to Banking Organizations

Summary
January 8, 2023

The Board of Governors of the Federal Reserve System (Federal Reserve), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) have issued a Joint Statement on Crypto-Asset Risks to Banking Organizations outlining the agencies’ concerns with the volatility and vulnerabilities of crypto-assets and the risks of which banking entities engaged with crypto-assets should be aware. The banking agencies use “crypto-asset” to refer to a digital asset implemented using cryptographic techniques.

NCUA is not a participant to the Joint Statement.

In the Joint Statement, the bank agencies emphasize:

  • The need to prevent crypto-asset sector risks that cannot be mitigated from infecting the banking sector.
  • That the banking agencies continue to take a cautious approach to crypto-asset related activities in banks.
  • That banks are neither prohibited nor discouraged from providing banking services to customers of any specific class or type, as permitted by law or regulation.
  • That a bank issuing or holding as principal crypto-assets that are issued, stored, or transferred on an open, public, and/or decentralized network, or similar system was likely inconsistent with safety and soundness.
  • That the banking agencies have significant safety and soundness concerns with business models that are concentrated in crypto-asset-related activities or have concentrated exposures to the crypto-asset sector.
  • Banks are advised to implement appropriate risk management related to crypto-assets such as board oversight, policies, procedures, risk assessments, controls, gates and guardrails, and monitoring.

In the Joint Statement, the bank agencies highlight the following risks related to crypto-assets:

  • Risk of fraud and scams among crypto-asset sector participants
  • Legal uncertainties related to custody practices, redemptions, and ownership rights
  • Inaccurate or misleading representations and disclosures by crypto-asset companies and unfair, deceptive, or abusive acts and practices
  • Significant volatility in crypto-asset markets
  • Susceptibility of stablecoins to run risk and potential deposit outflows for banks holding stablecoin reserves
  • Contagion risk within the crypto-asset sector resulting from interconnections among certain crypto-asset participants
  • Concentration risk for banks resulting from the interconnected nature of the crypto-asset sector
  • Lack of maturity and robustness of risk management and governance practices in the crypto-asset sector
  • Heightened risks associated with open, public, and/or decentralized networks:
  • Absence of formal internal governance/system oversight
  • Lack of contractual established ownership/roles/responsibilities/liabilities
  • Vulnerability to cyber attacks
  • Potential for illicit finance
NCUA Proposed Rulemaking Summary 2022-0185
NCUA Rules 701 AND 714: Financial Innovation: Loan Participations, Eligible Obligations, and Notes of Liquidating Credit Unions

NASCUS Legislative and Regulatory Affairs Department
January 6, 2023

Background

The NCUA Board[1] approved for publication NPRM NCUA 2022-0185[2]. Published in the Federal Register on December 29, 2022[3], the proposal entitled Financial Innovation: Loan Participations, Eligible Obligations, and Notes of Liquidating Credit Unions seeks to amend 12 CFR Parts § 701 and § 714.  Comments on the NPRM are due February 28, 2023.

The proposed amendments apply to §§701.21, 701.22, 701.23, and 714.9 related to loans and lines of credit to members; the purchase of loan participations and the purchase, sale, and pledge of eligible obligations (including notes from liquidating credit unions).

The proposed amendments are intended to add clarity to the NCUA’s regulations and provide additional flexibility to federally insured credit unions (FICUs) in the use of advanced technologies and other opportunities provided by the financial technology (Fintech) sector.

The proposed amendments attempt to conform NCUA’s rules regarding the aforementioned investment/loan related rules by amending definitions of indirect lending and indirect leasing arrangements to be consistent with concepts outlined in NCUA Legal Opinion 15-0813, Loan Participations in Indirect Loans – Originating Lender[4].

The majority of the proposed changes only apply to FCUs with the exception of amendments to specific sections of §701.22 (participations).  However, the proposed amendments could indirectly impact FISCUs in cases where state agencies use similarly defined state regulations related to the determination of a purchased investment being classified as a loan to member, a participation, or a purchased obligation of a member.  Of particular interest are the proposed amendments found in §701.21.

This summary will highlight the material implications of the changes that directly affect FISCUs and those with the potential to indirectly impact FISCUs through indirect, definitional and/or SSA adoption of NCUA like rules and regulations.

Summary

The following summarizes the material changes proposed to each applicable section as part of the NPRM.

701.21 (Loans to members and lines of credit to members)

Provisions of § 701.21 apply to FCUs with only the following provisions applying to FICUs:

  • Insider lending restrictions as outlined in (c)(8);
  • Non-preferential treatment requirements to FISCU officials or related parties outlined in (d)(5); and
  • Third-party servicing of indirect vehicle loan limitations found in (h).

The NCUA Board is proposing to amend the rule by adding a new paragraph §701.21(c)(9) clarifying the definition of indirect lending and indirect leasing arrangements.  None of these changes relate directly to state-chartered credit unions but may impact state language similarly adopted or bound by definitions in §701.21.  This new language is intended to replace language currently found in §701.23(b)(4)(iv), which would be removed.

Under the proposed §701.21(c)(9) indirect lending and leasing agreements would be defined as written agreements to purchase loans or leases from an originating entity where the purchaser (1) makes the final underwriting decision, and (2) the loan or lease agreement is assigned to the purchaser very soon after it is signed by the member and the originating entity.   It is presumed that loans assigned “very soon after” the agreement between the consumer and the third-party retailer indicate the retailer acts as a facilitator of the loan as opposed to the true initial lender.

The length of time that satisfies the “very soon after” depends on the nature of the loan, the practical realities of assigning certain kinds of loans in the current marketplace and in accordance with prevailing industry standards.[5]  The NPRM states that while “very soon after” is generally determined on a case-by-case basis as described above, the longer the period between the formation of the contract and its assignment, the more likely the program will be viewed as involving the purchase of an eligible obligation rather than the making of a loan.[6]

Presuming such indirect lending or leasing arrangement requirements are met would indicate such investments would be classified as loans to members, as authorized by §701.21, and not as the purchase of an eligible obligation of a member as authorized by §701.23.

701.22 (Loan Participations)

FISCUs must comply with all provisions of §701.22, except (b)(4) which requires a borrower to become a member of one of the participating credit unions before the purchasing federally insured credit unions purchases a participation interest in the loan.

The NCUA Board is proposing to amend the rule by adding clarification to the introductory paragraph and codify NCUA Legal Opinion 15-0813.  This language would clarify that a FICU engaged in an indirect lending relationship can meet the definition of an “eligible organization” under §701.22, provided the FICU meets certain conditions.

Specifically, a FICU would be considered the originating lender and meet the definition of an “eligible organization” if the FICU (1) makes the final underwriting decision regarding the loan, and (2) the loan is assigned to the purchaser very soon after the inception of the obligation to extend credit.  An “originating lender” is defined as a participant with which the borrower initially or originally contracts for a loan and who, thereafter or concurrently with the funding of the loan, sells participations to other lenders.  An originating lender specifically includes a participant that acquires a loan through an indirect lending arrangement as defined under §701.21(c)(9).

The NPRM states the change is intended by the NCUA Board to clarify that a FICU can meet the definition of “originating lender” in certain transactions where the FICU is engaging in indirect lending arrangements with Fintech companies and other third-party loan acquisition channels, such as Credit Union Service Organizations (CUSOs) or other loan-originating retailers.

701.23 (Purchase, sale, and pledge of eligible obligations)

The NCUA Board is proposing to amend the rule through certain clarifying and conforming amendments to the introductory paragraph of §701.23.  No part of §701.23 applies to FISCUs.

Proposed amendments include the deletion of §701.23(b)(4) which excludes certain loans acquired through indirect lending and leasing arrangements from the 5-percent limit on the aggregate of the unpaid balance of certain loans purchased under §701.23.  Excluded loans include student loans, real estate loans, and eligible obligations purchased in accordance with §701.23(b)(4)(b)(1)(iii), (iv), or (i) or purchased through indirect lending arrangements defined in §701.23(b)(4)(iv).  These limitations would be removed and instead, such investments may meet the definition of a loan to a member under the proposed language of §701.21(c)(9).  The 5-percent limitation to unimpaired capital and surplus of the FCU purchaser would still apply to purchases of eligible obligations from liquidating FCUs and FICUs under §701.23(b)(1)(ii) and (2)(ii)

This change, in conjunction with the other changes in §701.21, is intended to provide clarification on the long-standing interpretation[7] that credit instruments acquired by an FCU pursuant to an indirect lending arrangement are considered loans made by the FCU under §701.21, if the aforementioned conditions of underwriting and timeliness of assignment are met, rather than eligible obligations purchased under §701.23.

Amendments to §701.23 would also include removing the CAMELS ratings and well-capitalized requirement found under §701.23(b)(2) for FCU purchases of certain non-member loans from FICUs and add principle-oriented safety and soundness requirements to section §701.23(b)(i)-(vi) concerning the purchase of eligible obligations.  These new safety and soundness requirements are proposed to offset the removal of the CAMELS/ well-capitalized requirements and the 5-percent limit constraints.

The proposed safety and soundness requirement additions on the purchasing FCU related to eligible obligations or notes from a liquidating credit union include:

  • Establishing written, board-approved policies, risk assessments, and risk management process requirements commensurate with the size, scope, type, complexity, and level of risk posed by the planned purchase activities.
  • Conducting due diligence on the seller prior to purchase.
  • Initiating written loan purchase agreements with provisions established in §701.22.
  • Conducting a legal review and assessment of applicable loan purchase agreements or contracts to protect the FCU’s legal and business interests from undue risk

Additional safety and soundness requirements to §701.23(c) relate to the selling FCU and include:

  • Obtaining a legal review and assessment of all applicable loan sale agreements on contracts.
  • Identifying the specific loan(s) being sold either directly in the written loan sale agreement or through a document incorporated by reference in the loan sale agreement.

The NPRM proposes to amend §701.23(b)(5) to broaden the grandfather provision of that section to include purchased obligations where the investments were made in compliance with the current rule so long as updated risk assessments, established concentration limits, and risk monitoring appropriate for safety and soundness are still effective.

Finally, the addition of §701.23(b)(6) implies requirements that purchases of eligible obligations from liquidating credit unions must comply with the purchasing FCUs internal written purchase policies, which must:

  • Require that the purchasing FCU conduct due diligence on the seller of the loans and other counterparties to the transaction prior to purchase.
  • Establish risk assessment and management process requirements that are commensurate with the size, scope, type, complexity, and level of risk posed by the panned loan purchase activities.
  • Establish internal underwriting and ongoing monitoring standards commensurate with the size, scope, type, complexity, and level of risk posed by the activities.
  • Require that the written agreement include (1) the specific loans purchased, the location and custodian of the original loan documents, an explanation of the duties and responsibilities of the seller, servicer, and all parties with respect to all aspects of the loans being purchased, and the circumstances and conditions under which the parties to the agreement may replace the servicer when the seller retains the servicing rights.
  • Establish portfolio concentration limits by loan type and risk category in relation to net worth commensurate with the size, scope, and complexity of the credit unions loan purchases.
  • Address when a legal review of agreements or contracts will be performed to ensure that the legal and business interests of the credit union are protected.

714.9 (Indirect leasing arrangements subject to the purchase of eligible obligation limit set forth in § 701.23)

The NCUA Board is seeking amendments to the rule proposing certain clarifying and conforming amendments. No part of §714.9 applies to state-chartered credit unions.

Proposed amendments would eliminate §714.9 completely as the amendments to the NPRM proposed under §701.23 to remove (b)(4)(iv) would no longer apply the 5-percent limitation to any purchases of eligible obligations, therefore, the current §714.9 would be rendered unnecessary.  Further, the definition of indirect leasing arrangements, previously addressed here, is now defined in §701.21(c)(9).

[1] Board agenda available at https://ncua.gov/files/agenda-items/financial-innovation-proposed-rule-20221215.pdf

[2] Available at https://www.regulations.gov/document/NCUA_FRDOC_0001-0309

[3] Available at https://www.federalregister.gov/documents/2022/12/30/2022-27607/financial-innovation-loan-participations-eligible-obligations-and-notes-of-liquidating-credit-unions

[4]NCUA Legal Op. 15-0813 (Aug. 10, 2015) available at https://www.ncua.gov/regulation-supervision/legal-opinions/2015/loan-participations-indirect-loans-originating-lenders.

[5] The preamble to the 1998 proposal to amend the eligible obligations rule requested public comment on whether the NCUA should specify a certain number of days as constituting “very soon.” 63 FR 41976, 41977 (Aug. 6, 1998). After considering the comments, however, the NCUA Board determined not to specifically define it because it wanted to provide FCUs with flexibility under various circumstances. The NCUA Board also clarified that assignment of the loan means acceptance of the loan and not necessarily the physical receipt of the loan documentation, recognizing that acceptance and payment are often done electronically. However, physical receipt of the loan documents by the FCU should occur within a reasonable time following acceptance of the loan. 63 FR 70997, 70998 (Dec. 23, 1998); see also NCUA Legal Op. 97-0546 (Aug. 6, 1997) (Concluding that an indirect lending arrangement where the retailer made a loan and assigned it to the purchasing credit union within one business day met the “very soon after” timing requirement.).

[6] 63 FR 41976, 41977 (Aug. 6, 1998).

[7] See, e.g., NCUA Legal Op. 97-0546 (Aug. 6, 1997), available at https://www.ncua.gov/regulation-supervision/legal-opinions/1997/indirect-lending.