U.S. Department of Treasury Summary: 2024 National Strategy for Combatting Terrorist and Other Illicit Financing

NASCUS Legislative and Regulatory Affairs Department
May 23, 2024

With little fanfare, on May 16, 2024, the U.S. Department of Treasury issued its 2024 National Strategy for Combatting Terrorist and Other Illicit Financing. The document is 55 pages and, according to Treasury’s press release, “addresses the key risks from the 2024 National Money Laundering, Terrorist Financing, and Proliferation Financing Risk Assessments.”

The document is extensive and discusses a lengthy list of topics. At a high level, it identifies four “priorities” and 15 “supporting actions” to support the four priorities. Each of the priorities and supporting actions is to support the goals of the U.S. Anti-Money Laundering/Countering Financial Terrorism regime.

The four priority recommendations according to the press release and report are:

  1. Close legal and regulatory gaps in the U.S. AML/CFT framework that illicit actors exploit to anonymously access the U.S. financial system by operationalizing the beneficial ownership information registry for law enforcement, national security, and intelligence use; finalizing rules related to the residential real estate and investment adviser sectors; and assessing other sectors that may be vulnerable to illicit finance;
  2. Promote a more effective and risk-focused U.S. AML/CFT regulatory and supervisory framework for financial institutions to make them more efficient and effective in preventing illicit finance by providing clear compliance guidance, sharing information appropriately, and ensuring adequate resourcing for supervisory and enforcement functions;
  3. Enhance the operational effectiveness of law enforcement, other U.S. government agencies, and international partnerships in combating illicit finance so threat actors cannot find safe havens for their operations; and
  4. Realize the benefits of responsible technological innovation in the United States by developing new payments technology, supporting the use of new mechanisms for private sector compliance, and utilizing automation and innovation to find novel ways to combat illicit finance.

The report also includes a graphic that details the primary goals, priorities, and supporting actions.

While these are laudable goals, the report also leads one to question how Treasury will accomplish them, as the document acknowledges the lack of government resources, particularly when it comes to monitoring non-bank financial institutions, which are becoming a much greater focal point.

Final Rule: Corporate Credit Unions (Part 704)

Prepared by NASCUS Legislative & Regulatory Affairs Department
December 2020

NCUA has issued a final rule amending its corporate credit union regulations in § 704. The final rule addresses several provisions of the NCUA’s corporate credit union rule, including:

  • permitting a corporate credit union to make a minimal investment in a credit union service organization (CUSO) without the CUSO being classified as a corporate CUSO pursuant to § 704
  • expanding the categories of senior staff positions at member natural person credit unions (NPCUs) eligible to serve on a corporate credit union’s board
  • amending the minimum experience and independence requirement for a corporate credit union’s enterprise risk management (ERM) expert
  • clarifying the definition of a collateralized debt obligation
  • simplifying the requirement for net interest income modeling

The Final Rule may be read here. The final rule is effective December 14, 2020.   

NCUA’s corporate credit union rule applies to state-chartered corporate credit unions by reference in § 741.206.

Summary

  • Minimal Investment in Natural Person CUSOs

Under the final rule, corporate credit unions will be allowed to make a de minimis, non-controlling investment in a NPCU CUSO without that CUSO being classified as a corporate CUSO. Corporate CUSOs are subject to much more prescriptive regulations than NPCU CUSOs. For example:

  • permissible activities for a corporate CUSO are more limited than the permissible activities for NPCU CUSOs
  • corporate CUSOs must agree to give NCUA complete access to personnel, facilities, equipment, books, records, & other documentation that NCUA deems pertinent while NPCU CUSOs must only provide access to its books & records & the ability to review its internal controls
  • corporate CUSOs must provide quarterly financial statements to the corporate credit union whereas NPCU CUSOs must prepare quarterly financial statements, but do not have to provide the statements to FCUs

With this rule change, NPCUs might be more willing to allow small corporate credit union investments into their CUSOs which could benefit NPCUs by opening a new pool of investors and benefit corporates by allowing them to leverage the innovation of NPCU CUSOs.

  • New Definitions – § 704.2

The final rule has several new definitions, including:

  • Consolidated CUSO – any CUSO the assets of which are consolidated with those of the corporate credit union for purposes of reporting under GAAP
  • Corporate CUSO – a CUSO in which one or more corporate credit unions have a controlling interest, defined as:

(1) the CUSO is consolidated on a corporate credit union’s balance sheet;

(2) a corporate credit union has the power, directly or indirectly, to direct the CUSO’s management or policies;

(3) a corporate credit union owns 25% or more of the CUSO’s contributed equity, stock, or membership interests; or

(4) the aggregate corporate credit union ownership of all corporates investing in the CUSO is 50% or more of the CUSO’s contributed equity, stock, or membership interests

  • Credit Union Service Organization (CUSO) – the final rule defines a CUSO as applying to both corporate CUSOs and NPCU CUSOs.

Loans to CUSOs

Under the final rule, a corporate credit union making loans to NPCU or corporate CUSOs must have a board-approved policy that:

  • provides for ongoing control, measurement, and management of CUSO lending
  • includes qualifications and experience requirements for personnel involved in underwriting, processing, approving, administering, and collecting loans to CUSOs
  • establishes the loan approval process, underwriting standards, and risk management processes

In addition, NCUA requires that any NPCU CUSO in which a corporate credit union invests, or to which a corporate credit union makes a loan, comply with § 712 in its entirety.

Disclosure of Executive Compensation – § 704.19

Section 704.19 currently requires that each corporate credit union annually prepare and maintain a document that discloses the compensation of certain employees, including compensation received from a corporate CUSO. Under the final rule, employee compensation from either a NPCU CUSO or a corporate CUSO must be reported. Corporate CUSOs are required to report the compensation of a dual employee; however, there is no requirement for the NPCU CUSO to report the income. The dual employee is therefore obligated to report the income to the corporate credit union in order for that corporate credit union to meet its reporting obligations.

Corporate Credit Union Board Representation – § 704.14

Currently, NCUA rules require corporate credit union directors to hold one of the following positions at a NPCU: CEO, CFO, COO, treasurer, or manager. The final rule makes this preceding list a set of examples and requires only that the corporate credit union directors hold a senior management position at a NPCU.

Enterprise Risk Management – § 704.21

NCUA has eliminated the prescriptive independence and experience rules related to the required ERM position in corporate credit unions. The final rule also clarifies that the ERM expert may report either to the corporate credit union’s board of directors or to the ERMC. Corporate credit unions now have the flexibility to determine the appropriate level of experience necessary for the position and the reporting structure. The ERM officer and function should be commensurate with the complexity and risk of the corporate credit union. NCUA will evaluate the adequacy of a corporate credit union’s enterprise risk management practices through the supervisory process.

The Legislative & Regulatory Affairs Committee (L&R Committee)

Our largest committee, consisting of over 70 members, is comprised of individuals from various segments of our membership, including regulators, credit unions, leagues, and associate members. This committee convenes on the first Wednesday of each month at 3 pm (EST) for a one-hour session to address significant issues facing our system. Additionally, this committee holds in-person meetings during our Annual NASCUS State System Summit (S3).

Furthermore, the committee plays a vital role in reviewing NASCUS comment letters, providing an open forum where any member can raise concerns or issues, and organizing special calls on topics like litigation trends and cryptocurrencies. Importantly, there is no limit on committee membership, and multiple individuals from the same credit union are welcome to participate.


The CDFI, MDI, and LICU Issues Committee

This committee, which is open to all NASCUS members, concentrates on raising awareness about the unique designations within the credit union sector, namely Community Development Financial Institution (CDFI), Minority Depository Institution (MDI), and Low-Income Credit Union (LICU). It also aims to identify advocacy objectives that NASCUS can pursue to enhance the significance of these special designations. The CDFI/MDI/LICU Issues Committee convenes every other month.


The Education Committee

This committee supervises NASCUS’s programs related to professional development, training, and education. It plays a crucial role in suggesting the educational requirements of the credit union system. It assesses NASCUS’s continuous professional development initiatives by examining program agendas, post-conference evaluations, and financial aspects of events. While membership on the Education Committee is available to all membership categories, it is limited to a maximum of eight participants.


If you have additional questions on how to participate with NASCUS Committees, please contact Shellee Mitchell.

Summary of NCUA Letter 23-CU-04: Interagency Policy Statement on Allowances for Credit Losses
(Revised April 2023)

NASCUS Legislative and Regulatory Affairs Department
April 25, 2023


The National Credit Union Administration, the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, and the Federal Deposit Insurance Corporation (collectively, the agencies) are issuing a revised interagency policy statement on allowance for credit losses (ACLs).  The revision is issued in response to changes to U.S. generally accepted accounting principles (GAAP) promulgated by the Financial Accounting Standards Board (FASB) in March 2022.

On June 1, 2020, the agencies published an interagency policy statement[1] related to changes to GAAP as promulgated by the FASB in ASU 2016-13, Financial Instruments – Credit Losses (Topic 326): Measurement of Credit Losses on Financial Instruments.

In March 2022, the FASB further amended Topic 326 with the issuance of ASU 2022-02, Financial Instruments – Credit Losses (Topic 326): Troubled Debt Restructuring and Vintage Disclosures.  ASU 2022-02 eliminates the recognition and measurement accounting guidance for Troubled Debt Restructurings (TDR) by creditors upon adoption of Topic 326.

To maintain conformance with GAAP, the agencies are revising their ACLs policy statement to remove references to TDRs and correct a citation in footnote 4 of the original statement.  No other changes are being made.

The policy statement continues to describe the measurement of expected credit losses in accordance with FASB ASC Topic 326; the design, documentation, and validation of expected credit loss estimation processes, including the internal controls over these processes; the maintenance of appropriate ACLs; the responsibilities of boards of directors and management; and examiner reviews of ACLs. It is effective at the time of each institution’s adoption of Topic 326[2].

The following policy statements are no longer effective for an institution upon its adoption of FASB Topic 326:

  • The December 2006 Interagency Policy statement on the Allowance for Loan and Lease Losses;
  • The July 2001 Policy Statement on Allowance for Loan and Lease Losses Methodologies and Documentation for Banks and Savings Institutions; and
  • The NCUA’s May 2002 Interpretive Ruling and Policy Statement 02-3, Allowance for Loan and Lease Losses Methodologies and Documentation for Federally Insured Credit Unions.

The aforementioned ALLL Policy Statements will be formally rescinded after FASB Topic 326 is instituted for all institutions.


[1] 85 FR 32991 (June 1, 2020).

[2] As noted in Accounting Standards Update 2019-10, FASB ASC Topic 326 is effective for fiscal years beginning after December 15, 2019, including interim periods within those fiscal years, for public business entities that meet the definition of a Securities Exchange Commission (SEC) filer, excluding entities eligible to be small reporting companies as defined by the SEC. FASB ASC Topic 326 is effective for all other entities for fiscal years beginning after December 15, 2022, including interim periods within those fiscal years. For all entities, early application of FASB ASC Topic 326 is permitted as set forth in ASU 2016-13.

NCUA Final Rule Summary: Cyber Incident Notification Requirements for Federally Insured Credit Unions

NASCUS Legislative and Regulatory Affairs Department
March 7, 2023


At the February 16, 2023, meeting, the NCUA Board approved a final rule amending Part 748 of its regulations to require federally insured credit unions (FICUs) to report an incident to NCUA as soon as possible, but no later than 72 hours after a FICU reasonably believes it has experienced a reportable cyber incident. The notification requirement is intended to be an “early alert” to the NCUA and will not require a FICU to provide a detailed incident assessment within the 72-hour time frame.

The effective date of the final rule is September 1, 2023. The final rule can be found here.


Summary

Background

In July 2022, the Board approved a proposed rule that would require a FICU to notify NCUA of a cyber incident that rises to the level of a reportable cyber incident. The proposed rule would require this notification as soon as possible but no later than 72 hours after a FICU reasonably believes that a reportable cyber incident has occurred.

Shortly before the Board issued the proposed rule, Congress enacted the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (Cyber Incident Reporting Act), requiring covered entities to report covered cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) not later than 72 hours after the entity reasonably believes that a covered cyber incident has occurred.

While CISA has until 2025 to publish its final rule, the NCUA Board believed “it would be imprudent in light of the increasing frequency and severity of cyber incidents to postpone a notification requirement until after CISA promulgates a final rule.” The Board intends to coordinate with CISA on any future credit union cyber incident reporting to avoid duplicate reporting to both NCUA and CISA.

Final Rule

Definition – Reportable Cyber Incident

The final rule defines a “reportable cyber incident” as any substantial cyber incident that leads to one or more of the following:

  • A substantial loss of confidentiality, integrity, or availability of a network or member information system that results from the unauthorized access to or exposure of sensitive data, disrupts vital member services, or has a serious impact on the safety and resiliency of operational systems and processes.
  • A disruption of business operations, vital member services, or a member information system resulting from a cyberattack or exploitation of vulnerabilities.
  • A disruption of business operations or unauthorized access to sensitive data facilitated through, or caused by, a compromise of a credit union service organization, cloud service provider, or other third-party data hosting provider or by a supply chain compromise.

A “reportable cyber incident” does not include any event where the cyber incident is performed in good faith by an entity in response to a specific request by the owner or operators of the system, for example, contracting with a third party to conduct penetration testing or e-mail spoofing testing.

Reporting Process

If a reportable cyber incident occurs, Part 748 will now require FICUs to notify the “appropriate NCUA-designated point of contact” of the occurrence via email, telephone, or other similar methods that the NCUA may prescribe. NCUA must receive this notification as soon as possible but no later than 72 hours after a FICU reasonably believes that it has experienced a reportable cyber incident, or within 72 hours of being notified by a third party with whom the credit union has a contractual relationship, whichever is sooner.

NCUA has indicated additional information will be issued prior to the September 1, 2023, effective date, including more detailed reporting guidance. NCUA also intends to coordinate with state regulators as much as possible.

NASCUS will provide updates as additional information becomes available.

NCUA Letter 23-CU-02 Summary
Expansion of Permissible CUSO Activities and Associated Risks

NASCUS Legislative and Regulatory Affairs Department
February 7, 2023


Summary

On November 26, 2021, a final rule amending NCUA Regulation Part 712 – Credit Union Service Organizations (CUSOs)[1] became effective. NASCUS’ summary of the NCUA rule[2] outlines its expansion of the list of permissible activities and services for CUSOs.  The expanded list includes the origination of any type of loan that a Federal Credit Union (FCU) may originate and grants NCUA additional flexibility to approve permissible activities and services.

NCUA Letter 23-CU-02 reminds the industry of published guidance that broadly outlines the responsibility of a credit union to address primary related risks with CUSO relationships, including the various ways the relationship between the CUSO and credit union impacts the risk profile and to ensure consumer financial protection risks from CUSO originated loans are properly addressed.

NCUA guidance published includes:

  • The CUSO provisions of the NCUA Examiners Guide[3];
  • The CUSO Activities portion of the NCUA’s website[4]; and
  • NCUA Rules and Regulations Part 712.5[5] outlining preapproved activities and services for CUSOs.

The relevant guidance found in the NCUA Examiner’s Guide outlines the statutory definition of a CUSO, the impact of CUSO to credit union relationships, investment, and loan limitations, maintenance of entity legal separation, authorized CUSO services, the CUSO registry, associated primary risks, the impact on earnings and net worth of the credit union, appropriate risk management practices and CUSO review procedures.

The CUSO Activities portion on the NCUA website outlines the approval process for requesting additional preapproved CUSO activities that, once approved, will be added to the webpage to authorize any CUSO which desires to engage in those activities with no further NCUA approval necessary.  Currently, no “newly authorized activities” are listed outside those found within Part 712.5.


[1] Available at www.govinfo.gov/content/pkg/FR-2021-10-27/pdf/2021-23322.pdf

[2] Available at https://www.nascus.org/summaries/final-rule-summary-fcu-cusos/

[3] Available at https://publishedguides.ncua.gov/examiner/Content/ExaminersGuide/CUSOs/IntroCUSO.htm

[4] Available at https://www.ncua.gov/regulation-supervision/cuso-activities

[5] Available at https://www.ecfr.gov/current/title-12/chapter-VII/subchapter-A/part-712/section-712.5

NCUA Risk Alert: 23-RA-01 Change to HMDA’s Closed-End Loan Reporting Threshold

NASCUS Legislative and Regulatory Affairs Department
February 3, 2023


On February 2, 2023, the NCUA Board issued Risk Alert 23-RA-01. The alert addresses a September 23, 2022, order issued by the U.S. District Court for the District of Columbia that vacated a portion of the CFPB’s 2020 HMDA Final Rule that had established a reporting threshold of 100 closed-end mortgage loans.

The decision by the court reverts the threshold for reporting data on closed-end mortgage loans to 25 loans in each of the two preceding calendar years, the threshold previously established by the 2015 HMDA Final Rule.

The NCUA states they recognize credit unions affected by this change may need time to implement or adjust policies, procedures, systems, and operations to achieve compliance with the reporting requirements. Therefore, the NCUA intends to take a flexible supervisory and enforcement approach, similar to that of the CFPB, and not issue enforcement actions or citations for closed-end mortgage loan data collected in 2020, 2021, or 2022. Credit unions can find additional information on HMDA reporting requirements here, including a Reference Chart for HMDA Data Collected in 2022.

Summary re: CFPB Request for Information Regarding Consumer Credit Card Market 

Docket No. CFPB-2023-0009

Section 502(a) of the Credit Card Accountability Responsibility and Disclosure Act of 2009 (CARD Act or Act) requires the Consumer Financial Protection Bureau (CFPB) to conduct a review of the consumer credit card market, within limits of its existing resources available for reporting purposes.  In connection with conducting that review, and in accordance with Section 502(a) of the Act, the CFPB is soliciting information from the public about a number of aspects of the consumer credit card market.

Comments must be received no later than April 24, 2023.  The RFI can be accessed here.

Summary:

The CARD Act was signed into law in May 2009.  The Act was intended to “establish fair and transparent practices related to the extension of credit” in the credit card market. 

Section 502(a) of the CARD Act requires the CFPB to conduct a review, within the limits of its existing resources available for reporting purposes, of the consumer credit market every two years. The CFPB published its last review in September 2021. To inform its next review, the CFPB invites members of the public, including consumers, credit card issuers, industry analysts, consumer groups and other interested parties to submit information and other comments relevant to the questions posed as well as any additional information they believe is relevant to a review of the credit card market.

The CFPB seeks information from members of the public about how the credit card market is functioning. Specifically, the CFPB seeks comments on the experiences of consumers and credit card issuers in the credit card market as well as the overall health of the market.  The Bureau is seeking responses to the specific questions listed below but welcomes commenters to provide any additional information they believe is relevant.

Terms of credit card agreements and the practices of credit card issuers:

  • How have the substantive terms and conditions of credit card agreements or the length and complexity of such agreements changed over the past two years?
  • How have issuers changed their pricing, marketing, underwriting, or other practices?
  • How are the terms of, and practices related to, major supplementary credit card features (such as credit card rewards, deferred interest promotions, balance transfers, and cash advances) evolving? What are the terms of, practices related to, and prevalence of emerging supplementary credit card features (such as credit card installment plans)?
  • How have issuers’ marketing practices changed since the CFPB reported on the credit card market in 2021? Has this impacted consumers’ ability to comparison shop? If so, in what ways?
  • What practices of credit card issuers may uniquely affect special populations (such as servicemembers and their dependents, low and moderate-income consumers, older Americans, and students)? What are the effects of protections specific to special populations (for example, the Servicemembers Civil Relief Act or the Military Lending Act)? How are these changing and what, if any, trends are evolving?
  • How have practices related to collecting on delinquent and charged-off credit card debt changed over the past two years?
  • Has the use of electronic communication (e.g., email or SMS) by creditors and debt collectors in connection with credit card debt grown or otherwise evolved? If so, in what ways?
  • How are the terms of, and practices related to, partnerships between credit card issuers and merchant partners (such as hospitality, airline, healthcare, and/or retail companies) evolving?

The effectiveness of disclosure of terms, fees, and other expenses of credit card plans 

  • How effective are current disclosures of rates, fees, and other cost terms of credit card accounts in conveying to consumers the costs of credit card plans?
  • What further improvements in disclosure, if any, would benefit consumers and what costs would card issuers or others incur in providing such disclosures?
  • How well are current credit card disclosure rules and practices adapted to the digital environment? What adaptations to credit card disclosure regimes in the digital environment would better serve consumers or reduce industry compliance burden?

The adequacy of protections against unfair, deceptive, or abusive acts and practices relating to credit card plans

  • What unfair, deceptive, or abusive acts and practices exist in the credit card market? How prevalent are those acts and practices and what effect do they have? With regard to any unfair, deceptive, or abusive acts and practices that exist in the credit card market, how might any such conduct be prevented and at what cost?

The cost and availability of consumer credit cards

  • How have the cost and availability of consumer credit cards (including with respect to non-prime borrowers) changed since the CFPB reported on the credit card market in 2021?
  • What is responsible for changes (or absence of changes) in cost and availability? Has the impact of the CARD Act on cost and availability changed over the past two years?
  • How, if at all, are the characteristics of consumers with lower credit scores changing? How are groups of consumers in different score tiers faring in the market? How do other factors relating to consumer demographics or financial lives affect consumers’ ability to successfully obtain and use credit cards?

The safety and soundness of credit card issuers

  • What, if any, safety and soundness risks related to the credit cycle are present or growing in this market, and which entities are disproportionately affected by these risks? Has the impact of the CARD Act on safety and soundness changed over the past two years?
  • How have current dynamics related to funding sources (such as asset-backed securities or deposits) for credit card receivables affected issuers’ profitability and lending operations?
  • What changes, if any, in capital markets for credit cards have there been since the last biennial report? How do capital requirements for different types of institutions affect competition in the credit card market or consumers’ access to and cost of credit? How might these trends positively or negatively impact consumers?

The use of risk-based pricing for consumer credit cards

  • How has the use of risk-based pricing for consumer credit cards changed since the CFPB reported on the credit card market in 2021? What has driven those changes or lack of changes? Has the impact of the CARD Act on risk-based pricing changed over the past two years?
  • How have CARD Act provisions relating to risk-based pricing impacted (positively or negatively) the evolution of practices in this market?

Consumer credit card product innovation and competition

  • How has credit card product innovation changed since the CFPB reported on the credit market in 2021? What has driven those changes or lack of changes? Has the impact of the CARD Act on product innovation changed over the past two years?
  • How is the competition in the credit card market changing? How has the CARD Act (positively or negatively) impacted competition between credit card issuers? How, if at all, do these changes and impacts relate to the cost or availability of consumer credit cards?
  • What barriers to entry, if any, exist in the consumer credit market? What obstacles may smaller financial institutions face when launching a credit card product? How are these impediments changing and what, if any, trends are evolving? To what extent are financial institutions adopting “credit card-as-a-service” offerings? How might these changes affect competition, promote innovation, or introduce risk, if at all?
  • How have broader innovations in finance, such as (but not limited to) new products and entrants offering unique features (like rewards redemption for cryptocurrency, environmental causes, and other categories beyond cash-back or points), evolving digital tools, greater availability of and new applications for consumer data, and new technological tools (like machine learning), impacted the consumer credit card market, either directly or indirectly? In what ways do CARD Act provisions encourage or discourage innovation? In what ways do innovations increase or decrease the impact of certain CARD Act provisions, or change the nature of those impacts?
  • How do innovations by firms offering other consumer financial products and services (such as buy-now-pay-later credit, mobile payments, or non-card point-of-sale loans) compete with credit cards, and to what extent do consumers view them as effective alternatives to or substitutes for credit cards?

The Consumer Financial Protection Bureau issued a circular that asked if “persons” that engage in negative option marketing practices violate the prohibition on unfair, deceptive, or abusive acts or practices in the Consumer Financial Protection Act (CFPA).

The circular was issued on January 19, 2023 and can be accessed here.


Summary

The Bureau answered the question affirmatively and noted the circular was issued to reiterate that covered persons and service providers who engage in negative option marketing are required to comply with the Consumer Financial Protection Act (CFPA)’s prohibition on unfair, deceptive, and abusive acts or practices.

The Bureau further emphasizes that its approach to negative option marketing is generally in alignment with the FTC’s approach to Section 5 of the FTC Act as set forth in its recent policy statement. According to the circular, the phrase “negative option” refers to a term or condition under which a seller may interpret a consumer’s silence, failure to take an affirmative action to reject a product or service, or failure to cancel an agreement as acceptance or continued acceptance of the offer. The circular notes that negative option programs can cause harm to consumers who do not wish to receive the products/services for which they are charged. Harm is “most likely to occur when sellers mislead consumers about terms and conditions, fail to obtain consumers’ informed consent or make it difficult for consumers to cancel.”

The Bureau notes that a seller offering a negative option program risks violating the law if the seller (i) misrepresents or fails to clearly and conspicuously disclose the material terms of a negative option program; (ii) fails to obtain consumers’ informed consent; or (iii) misleads consumers who want to cancel, erects unreasonable barriers to cancellation, or fails to honor cancellation requests that comply with its promised cancellation procedures.

Failure to Disclose

Sellers may violate the CFPA’s prohibition on deceptive acts or practices if they misrepresent or fail to clearly and conspicuously disclose the material terms of an offer for a product/service with a negative option feature.  Under the CFPA, a representation or omission is deceptive if it is likely to mislead a reasonable consumer and is material.  A “material” representation or omission “involves information that is important to consumers and, hence is likely to affect their choice of, or conduct regarding, a product.”

Consent

Sellers engaged in negative option marketing would likely violate the CFPA where they fail to obtain the consumer’s informed consent before charging the consumer.  Consent will generally not be informed if, for example, a seller mischaracterizes or conceals the negative option feature, provides contradictory or misleading information, or otherwise interferes with the consumer’s understanding of the agreement.

Enforcement

The Bureau has used its authority under the CFPA’s UDAAP provisions to halt a variety of harmful negative option practices.  The Bureau has also relied on other Federal consumer financial laws (such as the Electronic Fund Transfer Act (EFTA) and Regulation E) that it enforces to address certain harmful negative option marketing practices.

Letter to Credit Unions 23-CU-01
NCUA’s 2023 Supervisory Priorities

NASCUS Legislative and Regulatory Affairs Department
January 19, 2023


On January 18, the NCUA issued Letter to Credit Unions 23-CU-01 outlining the agency’s Supervisory Priorities for 2023. The letter also includes updates to the agency’s examination program for 2023. Not unexpectedly, the letter indicates the agency’s focus will be on the areas posing the highest risk to credit union members, the credit union industry, and the National Credit Union Share Insurance Fund (NCUSIF). The letter also includes links to various NCUA resources applicable to each area of supervisory focus.

NCUA will continue a hybrid examination posture in which examiners will be both onsite and offsite, as appropriate, with some examination activity remaining offsite as long as it can be completed “efficiently and effectively at credit unions that can accommodate offsite work.” The extended examination cycle for certain credit unions will also continue in 2023. Eligibility criteria for an extended exam cycle can be found here. NCUA will also continue its Small Credit Union Exam Program in most federal credit unions with assets under $50 million.


Summary

NCUA has indicated the following areas of supervisory focus for 2023.

Interest Rate Risk

As is to be expected, Interest Rate Risk (IRR) is at the top of the list. Due to the significant rise in interest rates in 2022 and the addition of the Sensitivity “S” component to the CAMELS rating system, NCUA has formalized a focus on IRR as a specific rating category, separate from liquidity risk. Examiners will be reviewing credit unions’ IRR programs for the following risk management practices and controls:

  • Key assumptions and related data sets are reasonable and well-documented.
  • The credit union’s overall level of IRR exposure is properly measured and controlled.
  • Results are communicated to decision-makers and the board of directors.
  • Proactive action is taken to remain within safe and sound policy limits.

Liquidity Risk

Because of higher interest rates, the significant increase in share balances from 2020 – 2022, and other factors, examiners will evaluate the adequacy of a credit union’s liquidity risk management framework relative to the size, complexity, and risk profile of the credit union. They will also evaluate the following:

  • The potential effects of changing interest rates on the market value of assets and borrowing capacity.
  • Scenario analysis for liquidity risk modeling.
  • Scenario analysis for changes in cash flow projections for an appropriate range of relevant factors.
  • The appropriateness of contingency funding plans to address any unexpected liquidity shortfalls.

Credit Risk

Because high inflation and rising interest rates are putting financial pressure on credit union members, credit risk is a priority for 2023. Examiners will review:

  • The soundness of existing lending programs;
  • Adjustments a credit union has made to loan underwriting standards; and
  • Portfolio monitoring practices and loan workout strategies for borrowers facing financial hardship.

Examiners will consider all factors in evaluating credit unions’ efforts to provide relief to borrowers, including whether the efforts were reasonable and conducted with proper controls and management oversight.

Fraud Prevention and Detection

The NCUA remains concerned with fraud risks, particularly given the remote posture of examinations since 2020.  Due to this concern, NCUA will continue efforts to review internal controls and separation of duties. New for 2023, the agency will be implementing a management questionnaire designed to enhance the identification of fraud red flags, material supervisory concerns, or other potential new risks to which a credit union may be exposed.

The questionnaire will be sent to credit unions as part of the pre-examination planning stage for ALL full-scope exams along with the Items Needed List. This will also be included in joint exams with State Supervisory Authorities (SSAs). Credit unions will only need to complete one questionnaire per examination. If an SSA uses a similar questionnaire, NCUA indicates the federal and state examiners will coordinate to decide which questionnaire will be completed. The questionnaire will be sent through MERIT’s survey function, completed by the credit union CEO or senior executive, and returned through the survey function. The scope of the examination may be refined based on the responses received.

Information Security (Cybersecurity)

Cybersecurity remains an examination priority for the NCUA. Examiners will be evaluating whether credit unions have established adequate information security programs to protect members and the credit union. The agency has developed and tested updated Information Security Examination procedures tailored to credit unions of varying size and complexity.

Credit unions are encouraged to utilize the Automated Cybersecurity Evaluation Toolbox in preparation for examinations.

Consumer Financial Protection

The agency will continue to review compliance with applicable consumer financial protection laws and regulations for federal credit unions that the NCUA has under its consumer financial protection supervisory authority. Examiners will review credit unions for compliance with:

  • Flood Disaster Protection Act including disclosure requirements, as the agency continues to evolve its understanding of the impact of climate-related financial risks on the industry and the NCUSIF;
  • Overdraft programs, including a review of how these programs are advertised, how account balances are calculated, and transaction settlement;
  • Fair lending, including the review of residential real estate appraisals for any bias, and review of policy and procedures with a focus on steering and possible price discrimination;
  • The Truth in Lending Act, specifically disclosures for auto loans for credit unions that have experienced high auto loan growth in the past year;
  • The Fair Credit Reporting Act, specifically accuracy in data reported, risk-based pricing, and consumer rights disclosures.

Other Updates

Current Expected Credit Loss Implementation

Examiners will evaluate the adequacy of credit union Allowance for Credit Losses (ACL) on loans and leases by reviewing:

  • ACL policies and procedures;
  • Documentation of ACL reservation methodology; and
  • Adherence to Generally Accepted Accounting Principles (GAAP) (if applicable).

Federally Insured State Chartered Credit Unions (FISCUs) should refer to state law on GAAP requirements and CECL standard applicability (those requirements may be more restrictive).

Succession Planning

In 2023 examiners will be requesting information about a credit union’s approach to succession planning for executive leadership, including written succession plans. The plans will not be considered beyond the current process in assigning the Management “M” component of the CAMELS rating and no Examiner’s Findings or Document of Resolution will be issued if the credit union has not conducted succession planning or the planning is not adequate unless the credit union is in violation of its own policy.

Support for Small and Minority Depository Institutions

The NCUA is committed to continuing its support of Small and Minority Depository Institutions (MDIs) through its support program. The program focuses on providing training and guidance to these institutions and their leadership. The agency expects the program benefits to also include:

  • Greater awareness of the unique needs of small credit unions and MDIs and their role in serving underserved communities.
  • Expanded opportunities for these credit unions to receive support through NCUA grants, training, and other initiatives.
  • Furthering partnerships with organizations and industry mentors that can support small credit unions and MDIs.

The NCUA has also developed MDI-specific exam procedures to assist examiners in their supervision of MDIs.

Post-Examination Survey

The NCUA will continue to gather feedback on examinations through the post-examination survey process. Also of note, federal credit unions may record their exam exit meetings provided they comply with applicable laws and regulations for recording and provide a copy of the recording to the NCUA. These recordings can be useful to both credit unions and the NCUA. NCUA examiners will agree to the recording of the exam exit meetings, and the NCUA will monitor how often exam exit meetings are recorded.

Notice of Proposed Rulemaking and Request for Comment
FinCEN: Beneficial Ownership Information Access and Safeguards, and Use of FinCEN Identifiers for Entities

NASCUS Legislative and Regulatory Affairs Department
January 13, 2023


On December 16, 2022, FinCEN issued a notice of proposed rulemaking (NPRM) and request for comment and an accompanying Fact Sheet regarding access by authorized recipients to beneficial ownership information (BOI) that will be reported to FinCEN pursuant to Section 6403 of the Corporate Transparency Act (CTA)[1], enacted under the Anti-Money Laundering Act of 2020 (AML Act).  This proposed rule is the second rulemaking under the CTA addressing BOI and would implement protocols on security and confidentiality required by the CTA in order to protect personally identifiable information (PII) reported to FinCEN as required under the BOI final rule. NASCUS summary of the BOI final rule can be found here.

The NPRM explains the circumstances in which specific recipients (financial institutions for example) would have access to BOI and outlines data protection protocols and oversight mechanisms applicable to each category of those who will have access to BOI. The NPRM will also specify when and how reporting companies can use FinCEN identifiers to report the BOI of entities.

The intent of the proposed regulation is to ensure:

  1. Only authorized users have access to BOI;
  2. Access is authorized only for purposes permitted by the CTA; and
  3. Authorized users only re-disclose BOI in ways that balance protection of the security and confidentiality of the BOI with furtherance of the CTA’s objective of making BOI available for purposes specified in the CTA.

The proposed rule and request for comment can be found here.

Comments are due on or before February 14, 2023.


Summary

The CTA imposes strict confidentiality on the storage, access, and use of BOI, restricting FinCEN disclosure to a statutorily defined group of governmental authorities and financial institutions under limited circumstances. It further defines that such information is to be maintained in a secure, nonpublic database.

The CTA authorizes five categories of “recipients” (users) who may receive BOI from FinCEN.

  1. Federal, State, local, and Tribal government agencies.
    • Agencies engaged in national security, intelligence, or law enforcement activity.
    • Federal agency access is “activity-based,” meaning a Federal functional regulator may be engaged in “law enforcement activity” and therefore still request BOI from FinCEN.
    • State, local, and Tribal law enforcement agencies may also obtain BOI, if “a court of competent jurisdiction” has authorized the agency to seek the information.
  2. Foreign law enforcement agencies, judges, prosecutors, central authorities, and competent authorities.
    • Requests must come through an intermediary Federal agency.
    • Must meet certain criteria and be made:
      • Under an international treaty, agreement, or convention.
      • Via a request made by law enforcement, judicial, or prosecutorial authority in a trusted foreign country.
  3. Financial Institutions (FI) using BOI to facilitate compliance with Customer Due Diligence (CDD) requirements under applicable law.
    • FI requesting the BOI has the reporting company’s consent for such disclosure.
  4. Federal functional regulators and other appropriate regulatory agencies acting in a supervisory capacity assessing FIs for compliance with CDD.
    • These agencies may access the BOI that the FIs they supervise received from FinCEN.
  5. U.S. Department of Treasury
    • CTA provides “unique” access to BOI tied to an officer or employee’s official duties requiring BOI inspection or disclosure, particularly tax information.

Access Capabilities

Access by Federal, State, local, and Tribal government agencies:

FinCEN expects three types of domestic agency users to be able to access and query the beneficial ownership IT system directly: (1) Federal agencies engaged in national security, intelligence, and law enforcement activity; (2) Treasury officers and employees who require access to BOI to perform their official duties or for tax administration; and (3) State, local, and Tribal law enforcement agencies. This access would permit authorized individuals within an authorized “recipient” agency to log in, run queries using multiple search fields, and review results returned immediately.  These agencies will be required to submit a justification to FinCEN for the respective searches and would be subject to FinCEN oversight and audit.

State, local, and Tribal law enforcement would be required to upload court documents authorizing the search for FinCEN’s review and approval. As part of the IT system protocols, each agency would need to enter into a memorandum of understanding (MOU) with FinCEN before being allowed access to the system.

The remaining authorized “recipient” categories will NOT have access to the broad search capabilities discussed above.


Access by Financial Institutions and Regulatory Agencies for CDD Compliance

Financial institutions and their regulators (Federal functional regulators and other appropriate regulatory agencies, when assessing FI’s compliance with CDD requirements) would both have direct access to BOI contained in the beneficial ownership IT system. However, it would be more limited than that of federal agencies and others as previously discussed.

Financial Institutions

The CTA permits FinCEN to only disclose a reporting company’s BOI to an FI if the disclosure facilitates the FI’s compliance with CDD requirements and only if the reporting company has provided consent prior to accessing the information.

FinCEN is not planning to permit FIs to run broad or open-ended searches in the beneficial ownership IT system or receive multiple search results. Instead, FinCEN anticipates, with the consent of the reporting company, that an FI would submit identifying information specific to the reporting company and receive an electronic transcript with the entity’s BOI.  FinCEN does not want to open greater search capabilities and access due to the potential number of FIs requesting BOI on a reporting company.

Additionally, FIs would be permitted to only search the consenting entity customer and not individual beneficial owners.

Under the proposed rule, an FI would be responsible for obtaining the reporting company’s consent to access its BOI in the IT system. Additionally, the proposal would define “customer due diligence under applicable law” to mean FinCEN’s CDD regulations, requiring FIs to identify and verify beneficial owners of legal entity customers. Of particular note, the proposed rule would NOT permit FIs to request BOI access for other BSA compliance purposes, such as compliance with Customer (Member) Identification (CIP) requirements. Additionally, this limitation would mean that many FIs subject to the Bank Secrecy Act but not subject to the CDD, such as money service businesses (MSBs), would not have access to the BOI database.

Request for comment

FinCEN believes this approach will be easier to administer; however, it is seeking comments specifically as to whether a broader reading of the phrase “customer due diligence requirements” is warranted under the framework of the CTA, and, if so, how customer due diligence requirements should be defined in order to provide regulatory clarity, protect the security and confidentiality of BOI, and minimize the risk of abuse.

Regulators

Similar access limitations are permitted for Federal functional regulators and other appropriate supervisory agencies. Federal and state agencies may request BOI from FinCEN that the FIs they supervise have already obtained. The information may only be requested for assessing an FI’s compliance with CDD requirements under applicable law.

FinCEN is still developing this access model but expects regulators to be able to retrieve any BOI that their supervised institutions received from FinCEN during a particular period, as opposed to data that might reflect subsequent updates. Therefore, regulators would receive the same BOI that FIs received for purposes of their CDD reviews.

FinCEN also expects that Federal functional regulators responsible for bringing civil enforcement actions also will be able to obtain BOI under “activity-based” access. The NPRM proposes that an agency that is not traditionally understood as a “law enforcement” agency, such as a Federal functional regulator (e.g., NCUA), may receive BOI because “law enforcement activity” may encompass civil law enforcement by the agency, including civil forfeiture and administrative proceedings.


Verification of Beneficial Ownership Information

The proposed rule indicates that FinCEN “continues to evaluate options for verifying reported BOI.” “Verification” means confirming that the reported BOI submitted to FinCEN is accurately associated with a particular individual. That verification remains an open question creates doubt for FIs and regulators about their ability to rely upon the information in the system.

Request for Comment

FinCEN is seeking feedback on 30 specific requests for comment under six subheadings.

  • Understanding the Rule
  • Disclosure of Information
  • Use of Information
  • Security and Confidentiality Requirements
  • Outreach
  • FinCEN Identifiers

The complete list of specific comments can be found on page 77425 of the NPRM found here.

Of particular note under the subheading of “Disclosure of Information” FinCEN is seeking comments on the following:

(7) FinCEN requests comments discussing how State, local, and Tribal law enforcement agencies are authorized by courts to seek information in criminal and civil investigations. Among the particular issues that FinCEN is interested in are: how State, local, and Tribal authorities gather evidence in criminal and civil cases; what role a court plays in each of these mechanisms, and whether in the commenter’s opinion it rises to the level of court “authorization”; what role court officers (holders of specific offices, not attorneys as general-purpose officers of the court) play in these mechanisms; how grand jury subpoenas are issued and how the court officers issuing them are “authorized” by a court; whether courts of competent jurisdiction, or officers thereof, regularly authorize subpoenas or other investigative steps via court order; and whether there are any evidence-gathering mechanisms through which State, local, or Tribal law enforcement agencies should be able to request BOI from FinCEN, but that do not require any kind of court?

(11) FinCEN proposes that FIs be required to obtain the reporting company’s consent in order to request the reporting company’s BOI from FinCEN. FinCEN invites commenters to indicate what barriers or challenges FIs may face in fulfilling such a requirement, as well as any other considerations.

(12) FinCEN proposes to define “customer due diligence requirements under applicable law” to mean the bureau’s 2016 CDD Rule, as it may be amended or superseded pursuant to the AML Act. The 2016 CDD Rule requires FIs to identify and verify beneficial owners of legal entity customers. Should FinCEN expressly define “customer due diligence requirements under applicable law” as a larger category of requirements that includes more than identifying and verifying beneficial owners of legal entity customers? If so, what other requirements should the phrase encompass? How should the broader definition be worded? It appears to FinCEN that the consequences of a broader definition of this phrase would include making BOI available to more FIs for a wider range of specific compliance purposes, possibly making BOI available to more regulatory agencies for a wider range of specific examination and oversight purposes and putting greater pressure on the demand for the security and confidentiality of BOI. How does the new balance of those consequences created by a broader definition fulfill the purpose of the CTA?

(13) If FinCEN wants to limit the phrase “customer due diligence requirements under applicable law” to apply only to requirements like those imposed under its 2016 CDD Rule related to FIs identifying and verifying beneficial owners of legal entity customers, are there any other comparable requirements under Federal, State, local, or Tribal law? If so, please specifically identify these requirements and the regulatory bodies that supervise for compliance with or enforce them.

(14) Are there any State, local, or Tribal government agencies that supervise FIs for compliance with FinCEN’s 2016 CDD Rule? If so, please identify them.

Also, of particular note under the category of “Use of Information” FinCEN is seeking comment on:

(19) Could a State regulatory agency qualify as a “State, local, or Tribal law enforcement agency” under the definition in proposed 31 CFR 1010.955(b)(2)(ii)? If so, please describe the investigation or enforcement activities involving potential civil or criminal violations of law that such agencies may undertake that would require access to BOI.

NASCUS would also like feedback on a handful of other items not specifically addressed in the NPRM, including whether an FI is obligated to access the BOI database for purposes of CDD Rule compliance or may choose to do so, and what an FI should do if there is a discrepancy between the BOI it received from an entity customer under the CDD Rule and the BOI it receives from FinCEN under the CTA.


[1] 31 U.S.C. 5336

NCUA Proposed Rulemaking Summary 2022-0185
NCUA Rules 701 AND 714: Financial Innovation: Loan Participations, Eligible Obligations, and Notes of Liquidating Credit Unions

NASCUS Legislative and Regulatory Affairs Department
January 6, 2023


Background

The NCUA Board[1] approved for publication NPRM NCUA 2022-0185[2]. Published in the Federal Register on December 29, 2022[3], the proposal entitled Financial Innovation: Loan Participations, Eligible Obligations, and Notes of Liquidating Credit Unions seeks to amend 12 CFR Parts 701 and 714. Comments on the NPRM are due February 28, 2023.

The proposed amendments apply to §§701.21, 701.22, 701.23, and 714.9 related to loans and lines of credit to members; the purchase of loan participations and the purchase, sale, and pledge of eligible obligations (including notes from liquidating credit unions).

The proposed amendments are intended to add clarity to the NCUA’s regulations and provide additional flexibility to federally insured credit unions (FICUs) in the use of advanced technologies and other opportunities provided by the financial technology (Fintech) sector.

The proposed amendments attempt to conform NCUA’s rules regarding the aforementioned investment/loan related rules by amending definitions of indirect lending and indirect leasing arrangements to be consistent with concepts outlined in NCUA Legal Opinion 15-0813, Loan Participations in Indirect Loans – Originating Lender[4].

The majority of the proposed changes only apply to FCUs with the exception of amendments to specific sections of §701.22 (participations).  However, the proposed amendments could indirectly impact FISCUs in cases where state agencies use similarly defined state regulations related to the determination of a purchased investment being classified as a loan to member, a participation, or a purchased obligation of a member.  Of particular interest are the proposed amendments found in §701.21.

This summary will highlight the material implications of the changes that directly affect FISCUs and those with the potential to indirectly impact FISCUs through indirect, definitional and/or SSA adoption of NCUA-like rules and regulations.


Summary

The following summarizes the material changes proposed to each applicable section as part of the NPRM.

701.21 (Loans to members and lines of credit to members)

Provisions of § 701.21 apply to FCUs with only the following provisions applying to FICUs:

  • Insider lending restrictions as outlined in (c)(8);
  • Non-preferential treatment requirements to FISCU officials or related parties outlined in (d)(5); and
  • Third-party servicing of indirect vehicle loan limitations found in (h).

The NCUA Board is proposing to amend the rule by adding a new paragraph §701.21(c)(9) clarifying the definition of indirect lending and indirect leasing arrangements.  None of these changes relate directly to state-chartered credit unions but may impact state language similarly adopted or bound by definitions in §701.21.  This new language is intended to replace language currently found in §701.23(b)(4)(iv), which would be removed.

Under the proposed §701.21(c)(9) indirect lending and leasing agreements would be defined as written agreements to purchase loans or leases from an originating entity where the purchaser (1) makes the final underwriting decision, and (2) the loan or lease agreement is assigned to the purchaser very soon after it is signed by the member and the originating entity.   It is presumed that loans assigned “very soon after” the agreement between the consumer and the third-party retailer indicate the retailer acts as a facilitator of the loan as opposed to the true initial lender.

The length of time that satisfies the “very soon after” depends on the nature of the loan, the practical realities of assigning certain kinds of loans in the current marketplace and in accordance with prevailing industry standards.[5]  The NPRM states that while “very soon after” is generally determined on a case-by-case basis as described above, the longer the period between the formation of the contract and its assignment, the more likely the program will be viewed as involving the purchase of an eligible obligation rather than the making of a loan.[6]

If these indirect lending or leasing arrangement requirements are met, such investments would be classified as loans to members, as authorized by §701.21, and not as the purchase of an eligible obligation of a member as authorized by §701.23.


701.22 (Loan Participations)

FISCUs must comply with all provisions of §701.22, except (b)(4), which requires a borrower to become a member of one of the participating credit unions before the purchasing federally insured credit union purchases a participation interest in the loan.

The NCUA Board is proposing to amend the rule by adding clarification to the introductory paragraph and codifying NCUA Legal Opinion 15-0813. This language would clarify that a FICU engaged in an indirect lending relationship can meet the definition of an “eligible organization” under §701.22, provided the FICU meets certain conditions.

Specifically, a FICU would be considered the originating lender and meet the definition of an “eligible organization” if the FICU (1) makes the final underwriting decision regarding the loan, and (2) the loan is assigned to the purchaser very soon after the inception of the obligation to extend credit.  An “originating lender” is defined as a participant with which the borrower initially or originally contracts for a loan and who, thereafter or concurrently with the funding of the loan, sells participations to other lenders.  An originating lender specifically includes a participant that acquires a loan through an indirect lending arrangement as defined under §701.21(c)(9).

The NPRM states the change is intended by the NCUA Board to clarify that a FICU can meet the definition of “originating lender” in certain transactions where the FICU is engaging in indirect lending arrangements with Fintech companies and other third-party loan acquisition channels, such as Credit Union Service Organizations (CUSOs) or other loan-originating retailers.


701.23 (Purchase, sale, and pledge of eligible obligations)

The NCUA Board is proposing to amend the rule through certain clarifying and conforming amendments to the introductory paragraph of §701.23.  No part of §701.23 applies to FISCUs.

Proposed amendments include the deletion of §701.23(b)(4), which excludes certain loans acquired through indirect lending and leasing arrangements from the 5-percent limit on the aggregate of the unpaid balance of certain loans purchased under §701.23. Excluded loans include student loans, real estate loans, and eligible obligations purchased in accordance with §701.23(b)(4)(b)(1)(iii), (iv), or (i) or purchased through indirect lending arrangements defined in §701.23(b)(4)(iv). These limitations would be removed and instead, such investments may meet the definition of a loan to a member under the proposed language of §701.21(c)(9). The 5-percent limitation to unimpaired capital and surplus of the FCU purchaser would still apply to purchases of eligible obligations from liquidating FCUs and FICUs under §701.23(b)(1)(ii) and (2)(ii).

This change, in conjunction with the other changes in §701.21, is intended to provide clarification on the long-standing interpretation[7] that credit instruments acquired by an FCU pursuant to an indirect lending arrangement are considered loans made by the FCU under §701.21, if the aforementioned conditions of underwriting and timeliness of assignment are met, rather than eligible obligations purchased under §701.23.

Amendments to §701.23 would also include removing the CAMELS ratings and well-capitalized requirement found under §701.23(b)(2) for FCU purchases of certain non-member loans from FICUs and adding principle-oriented safety and soundness requirements to §701.23(b)(i)-(vi) concerning the purchase of eligible obligations. These new safety and soundness requirements are proposed to offset the removal of the CAMELS/well-capitalized requirements and the 5-percent limit constraints.

The proposed safety and soundness requirement additions on the purchasing FCU related to eligible obligations or notes from a liquidating credit union include:

  • Establishing written, board-approved policies, risk assessments, and risk management process requirements commensurate with the size, scope, type, complexity, and level of risk posed by the planned purchase activities.
  • Conducting due diligence on the seller prior to purchase.
  • Initiating written loan purchase agreements with provisions established in §701.22.
  • Conducting a legal review and assessment of applicable loan purchase agreements or contracts to protect the FCU’s legal and business interests from undue risk.

Additional safety and soundness requirements to §701.23(c) relate to the selling FCU and include:

  • Obtaining a legal review and assessment of all applicable loan sale agreements or contracts.
  • Identifying the specific loan(s) being sold either directly in the written loan sale agreement or through a document incorporated by reference in the loan sale agreement.

The NPRM proposes to amend §701.23(b)(5) to broaden the grandfather provision of that section to include purchased obligations where the investments were made in compliance with the current rule so long as updated risk assessments, established concentration limits, and risk monitoring appropriate for safety and soundness are still effective.

Finally, the addition of §701.23(b)(6) implies requirements that purchases of eligible obligations from liquidating credit unions must comply with the purchasing FCU’s internal written purchase policies, which must:

  • Require that the purchasing FCU conduct due diligence on the seller of the loans and other counterparties to the transaction prior to purchase.
  • Establish risk assessment and management process requirements that are commensurate with the size, scope, type, complexity, and level of risk posed by the planned loan purchase activities.
  • Establish internal underwriting and ongoing monitoring standards commensurate with the size, scope, type, complexity, and level of risk posed by the activities.
  • Require that the written agreement include the specific loans purchased, the location and custodian of the original loan documents, an explanation of the duties and responsibilities of the seller, servicer, and all parties with respect to all aspects of the loans being purchased, and the circumstances and conditions under which the parties to the agreement may replace the servicer when the seller retains the servicing rights.
  • Establish portfolio concentration limits by loan type and risk category in relation to net worth commensurate with the size, scope, and complexity of the credit union’s loan purchases.
  • Address when a legal review of agreements or contracts will be performed to ensure that the legal and business interests of the credit union are protected.

714.9 (Indirect leasing arrangements subject to the purchase of eligible obligation limit set forth in § 701.23)

The NCUA Board is proposing certain clarifying and conforming amendments to the rule. No part of §714.9 applies to state-chartered credit unions.

Proposed amendments would eliminate §714.9 completely. Because the amendments proposed in the NPRM under §701.23 would remove (b)(4)(iv), the 5-percent limitation would no longer apply to any purchases of eligible obligations, and the current §714.9 would therefore be rendered unnecessary.  Further, the definition of indirect leasing arrangements, previously addressed here, is now defined in §701.21(c)(9).


[1] Board agenda available at https://ncua.gov/files/agenda-items/financial-innovation-proposed-rule-20221215.pdf

[2] Available at https://www.regulations.gov/document/NCUA_FRDOC_0001-0309

[3] Available at https://www.federalregister.gov/documents/2022/12/30/2022-27607/financial-innovation-loan-participations-eligible-obligations-and-notes-of-liquidating-credit-unions

[4] NCUA Legal Op. 15-0813 (Aug. 10, 2015), available at https://www.ncua.gov/regulation-supervision/legal-opinions/2015/loan-participations-indirect-loans-originating-lenders.

[5] The preamble to the 1998 proposal to amend the eligible obligations rule requested public comment on whether the NCUA should specify a certain number of days as constituting “very soon.” 63 FR 41976, 41977 (Aug. 6, 1998). After considering the comments, however, the NCUA Board determined not to specifically define it because it wanted to provide FCUs with flexibility under various circumstances. The NCUA Board also clarified that assignment of the loan means acceptance of the loan and not necessarily the physical receipt of the loan documentation, recognizing that acceptance and payment are often done electronically. However, physical receipt of the loan documents by the FCU should occur within a reasonable time following acceptance of the loan. 63 FR 70997, 70998 (Dec. 23, 1998); see also NCUA Legal Op. 97-0546 (Aug. 6, 1997) (Concluding that an indirect lending arrangement where the retailer made a loan and assigned it to the purchasing credit union within one business day met the “very soon after” timing requirement.).

[6] 63 FR 41976, 41977 (Aug. 6, 1998).

[7] See, e.g., NCUA Legal Op. 97-0546 (Aug. 6, 1997), available at https://www.ncua.gov/regulation-supervision/legal-opinions/1997/indirect-lending.