April 13, ’18 NASCUS Report

Capital planning, stress tests, advertising final rules on agenda

Two final rules – on capital planning and stress testing; and on advertising and notice of insured status – will be on the agenda for the NCUA Board when it meets Thursday in open session.

Under the capital planning/stress testing proposal (issued in October), three tiers for “covered credit unions” would be established, based on asset size and tenure under the supervision of the agency’s Office of National Examinations and Supervision (“ONES”). Tier I will include covered credit unions during the first three years under the supervision of ONES and the first three capital planning cycles. Tier II credit unions will be those covered credit unions in their fourth years of ONES supervision, entering their fourth capital planning cycle, with assets between $10 billion and $20 billion.  Tier III will be covered credit unions that have assets greater than $20 billion.

In its comment letter, NASCUS urged the agency to do more in its final rule to harmonize capital planning and stress-testing rules with its current regulatory reform and relief agenda, so that the agency may “better tailor stress testing rules to actual characteristics of the covered credit unions.”

NASCUS wrote that it supported the agency’s goals outlined in the proposal and agreed that the proposal represents improvements over the existing supervisory stress testing rules. But more can be done, the association said, to fit the agency’s own goals. “Because NCUA’s rule is fully within the agency’s discretion, we urge NCUA to act boldly to right-size the rule and correct the deficiencies that have become apparent in the intervening years since initial DFAST (“Dodd-Frank Stress Tests”) rule promulgations,” NASCUS wrote.

The “accuracy of advertising and notice of insured shares” proposal (also issued last October), recommended the addition of a fourth short statement “Insured by NCUA” for official advertising of insured status, as well as an expansion to 30 seconds of an exemption from the advertising statement requirement regarding radio and television advertisements (putting credit union advertising on par with that allowed for banks by the FDIC). NCUA also sought comments about whether its rules should accommodate new trends in advertising such as via social media, texting, and mobile banking applications.

NASCUS wrote in its comment letter, regarding the latter points, that the agency should do so, particularly for social media, and recommended NCUA rules make three allowances for social media advertising:

  • Distinguish between messages appearing on the credit union’s own social media sites as opposed to advertising that might appear on the site of a third party;
  • Clarify that inclusion of the official advertising statement on the credit union’s masthead or on the credit union’s landing page for its social media sites satisfies the regulatory requirements rather than the official statement having to appear on every page; and
  • Allow the official advertising statement to appear by link, no more than one click away, to a social media posting.

“Given the evolving nature of social media, NASCUS also recommends that NCUA commit to regularly reviewing the advertising rule to consider new developments and new technology,” the association wrote.

The meeting gets underway at 10 a.m. Thursday at NCUA headquarters in Alexandria, Va.

NCUA Board meeting notice

NASCUS Comments: Proposed Rule on Accuracy of Advertising

NASCUS Comments: Capital Planning and Supervisory Stress Testing


Compliance requirements for credit unions in combatting money laundering – particularly through customer due diligence – is offered in an on-line session later this month by NCUA. The free April 25 session, the agency said, will address due diligence requirements in the Bank Secrecy Act (BSA, specifically looking at the final rule issued in 2016 by the Treasury’s Financial Crimes Enforcement Network (FinCEN), which updated requirements for “effective BSA and anti-money laundering programs.” Offered by the agency’s Office of Credit Union Resources and Expansion (CURE), the program features speakers from both FinCEN and NCUA. It looks at: reducing compliance and reputation risk through credit union member due diligence; enhancing risk-based procedures by including timely and accurate suspicious activity report (SAR) reporting; and improving the overall BSA/AML program with specific procedures.

Reminder: NASCUS, in partnership with CUNA, offers what is widely recognized as the premier national educational program each year on BSA for the credit union system. This year’s event is set for Nov. 5-8 in Nashville; see the link below for more information, including registration.

NCUA’s CURE to Host Bank Secrecy Act Webinar

NASCUS/CUNA Bank Secrecy Act (BSA) Conference, Nov. 5-8, Nashville


Revisions to rules on home mortgage disclosures and payday lending, and no rule on overdraft protection programs at credit unions and other financials, are under consideration this year by the CFPB, its acting director told Congress this week. Testifying before both Senate and House committees this week, CFPB Acting Director Mick Mulvaney gave committee members a preview of what is to come in the year ahead – including his tenure in the job.

Among the key points Mulvaney shared with the Senate Banking and House Financial Services Committees in separate hearings this week, Mulvaney said the agency will:

  • Open a new rulemaking under the Home Mortgage Disclosure Act (HMDA). Mulvaney said the rulemaking will address reporting thresholds and transactional coverage; it will also involve another look at data points CFPB has added to HMDA data collection that were not mandated by the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank).
  • Revisit the agency’s payday lending rule (issued in November);
  • Not propose new regulations for overdraft protection programs (at least, no proposal is included in the agency’s spring rulemaking agenda, Mulvaney said).
  • Make changes in the reporting structure within the agency, in an effort to “reduce redundancy” and conserve resources. “For example, the Office of Fair Lending and Equal Opportunity is being moved to the Director’s Office, to become part of the Office of Equal Opportunity and Fairness,” he said. “The Office of Fair Lending will continue to focus on advocacy, coordination, and education.” He also vowed to continue to enforce fair lending laws, but will reorganize the offices overseeing that. He said the current fair lending supervision and enforcement functions will remain in the soon-to-be-renamed Division of Supervision, Enforcement, and Fair Lending.

In other comments, Mulvaney made clear that legislation he has recommended for Congress to consider in restructuring the agency reflected only his views, and not those of President Donald Trump or the Federal Reserve. His recommendations (released last week) would: Fund the bureau through congressional appropriations; require affirmative legislative approval of major bureau rules; ensure that the director answers to the president in the exercise of executive authority; and create an independent inspector general for the bureau.

Finally, the acting director said he would be compelled to leave his post at the consumer agency by June 22 if Trump has not by then formally nominated a permanent director. However, he said, if the president does make a formal nomination, he would be able to remain until such time that person is confirmed by the Senate. “Given how long it’s taken the Senate to take up confirmations, [he could be at the CFPB] probably well into the fall or end of this year,” he said

Written Testimony of Mick Mulvaney, Acting Director, Bureau of Consumer Financial Protection, Before the House Committee on Financial Services


“Consumer complaints and inquiries” is the 12th, and last, of the “requests for information” from the Consumer Financial Protection Bureau (CFPB), in the quest of the agency’s acting director to uncover evidence of how the agency is doing its job. Comments will be due in 90 days; the first of the RFIs was released 12 weeks ago.

In its notice submitted for publication in the Federal Register, CFPB said the purpose of the RFI is to gather public input about potential changes that can be made to the agency’s consumer complaint and inquiry handling processes that establish reasonable procedures to provide timely responses to consumers and “centralize the collection of consumer complaints regarding consumer financial products or services.”

“The Bureau is seeking comments and information from interested parties to assist the Bureau in assessing its handling of consumer complaints and consumer inquiries and, consistent with law, considering whether changes to its processes would be appropriate,” the agency said in a release, noting that (to date), it has received 1.5 million consumer complaints. Last year, the agency states in its filings with the Register, CFPB handled more than 320,000 consumer complaints.

More specifically, the agency said it is seeking comments with:

  • Specific discussion of the positive and negative aspects of its complaint and inquiry processes;
  • Specific suggestions regarding any potential updates or modifications to the complaint and inquiry processes, including details about the nature of the modification, and supporting data or other information on impacts and costs;
  • Specific best practices for complaint and inquiry, including how to ensure consumers are “provided with timely and understandable information to make responsible decisions about financial transactions and centralizing the collection of consumer complaints about consumer financial products or services.”

Comments for the first RFI (issued in January) on civil investigative demands and associated processes are due in about two weeks (April 26), after the end of a period extended to 90 days from the original 60.

Request for Information Regarding the Bureau’s Consumer Complaint and Consumer Inquiry Handling Processes

NASCUS listings of 12 CFPB RFIs (plus comments-due dates)


The statute creating the Consumer Financial Protection Bureau (CFPB) protects it from presidential will, an attorney for the claimant to the top position at the agency told a federal appeals court Wednesday. However, an attorney representing the government – and thus President Donald Trump – argued that provisions in the law creating the agency cannot stop the president from replacing an acting director, either “at will” or “for cause.”

In arguments before the U.S. Court of Appeals for the D.C. Circuit in Washington in the case of Leandra English (the deputy director of the bureau) versus Trump and CFPB Acting Director John M. “Mick” Mulvaney, English’s attorney Deepak Gupta argued that the appeals court’s decision last year in another case (PHH v. Richard Cordray, the former director of the bureau) recognized that the statute creating the agency (the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010) was designed to preserve the independence of the agency from presidential will.

“It would be quite strange if the court allowed this independent agency to be taken over by the president” in light of that decision, Gupta argued.

In response to English’s arguments by Gupta, Department of Justice Attorney Hashim M. Mooppan (representing Trump and Mulvaney as appellees) argued that the Federal Vacancies Reform Act of 1998 (FVRA) supersedes the Dodd-Frank statute’s provisions stating that the director can only be removed by the president “for cause.” He also argued that the “for cause” provision does not transfer to the acting director.

The person holding that position, he argued, can be removed at the will of the president.

He also rejected English’s argument (via Gupta) that the CFPB is not answerable to the OMB. He argued that if the president selected an acting director and ordered that person to run everything by the OMB, “that person would likely do so” on pain of being removed by the president.

In rebuttal, Gupta suggested that Congress, in establishing the bureau, did not want to have someone serving at the head of the CFPB “indefinitely” at the pleasure of the president (such as the acting director, after appointing a deputy director, resigns – and is then replaced by the deputy director indefinitely in the post).

The court took the arguments under advisement.


Old-timers around the state credit union system listening in to this week’s arguments over the CFPB succession likely heard a familiar (and repeated) case reference by the lawyers arguing their views: Swan v. Clinton. In that case (decided in November 1996), the DC circuit court of appeals affirmed a lower court ruling that NCUA Board Member Robert Swan (suing President Bill Clinton) was not protected from being replaced on the board by a recess appointee. According to the court, since Swan was serving in a “holdover capacity” when Clinton removed him from the board, the removal did not violate the terms of the Federal Credit Union Act, as Swan had argued.

Robert H. Swan, Appellant, v. William J. Clinton, Appellee


Guidance for credit unions and other financial institutions considering special insurance to offset financial losses from data breaches and other cyber incidents is offered in a joint statement released this week by federal financial institution regulators. However, the regulators noted that they do not now require financial institutions to maintain cyber insurance – and indicated that the best insurance against cyber threats remains ‘effective controls.’

In the statement issued by the Federal Financial Institutions Examination Council (FFIEC, which includes representatives of state financial regulators through the State Liaison Committee (SLC), NCUA and the other four federal financial institutions regulators), the council conceded that cyber insurance could offset financial losses from data breaches resulting in loss of confidential information (among other things) that is not covered by more traditional protection, and may be considered in financial institutions’ overall risk management.

“The evolving cyber insurance market and the shifting cyber threat landscape may, however, prompt financial institutions to consider whether cyber insurance would be an effective part of their overall risk management programs,” the exam council said in a release. “Financial institution management should assess the scope of coverage of current insurance and consider how cyber insurance may fit into the institution’s overall risk management framework,” the release states.

But the regulators made clear that insurance is only one component of a risk management strategy. “An effective system of controls remains the primary defense against cyber threats,” according to the statement. “Financial institutions ultimately remain responsible for maintaining a control environment consistent with the guidance outlined in the FFIEC IT Examination Handbook,” the statement concludes.

Joint Statement on Cyber Insurance and Its Potential Role in Risk Management Programs (PDF)


Speaking of cybersecurity, a webcast providing an overview of the cybersecurity framework developed by the National Institute of Science and Technology (NIST) – which serves as the building blocks for cybersecurity tools developed by NCUA and other federal banking regulatory agencies – is set for April 27. There is no charge for the one-hour session (from 1-2 p.m. ET). According to NIST, the webcast will offer a brief history of how the framework was developed, supply an understanding of basic components of the framework (core, implementation tiers, and profiles), demonstrate how the framework can be used by organizations, highlight the latest features added in version 1.1, and introduce the “Framework Roadmap and Industry Resources.” The audience will have an opportunity to ask questions during a Q&A session at the end of the presentation. Registration is not required, however NIST advises that those who do will receive an email reminder and correspondence regarding recordings and presentations. See the link for more information (and to consider registration).

Webcast: Cybersecurity Framework Version 1.1 Overview


The regulator of national banks said this week that his agency in the next two to three months would voice its position about whether a financial technology company (“fintech”) should be able to apply for a bank-like charter. Comptroller of the Currency Joseph Otting told a bankers’ group meeting in Washington that the charter would allow companies offering online lending and other financial services to operate nationally while adhering to federal banking standards. In other comments, Otting told the group: recommendations for regulator relief for banks from anti-money laundering, rules implementing the Bank Secrecy Act (BSA) would be submitted to the Treasury’s Financial Crimes Enforcement Network (FinCEN) “in the next couple of weeks;” a joint document addressing Community Reinvestment Act (CRA) reforms for banks would be released in two to four weeks by his agency in conjunction with the FDIC the Federal Reserve. He indicated the document would ask for input from banks on what CRA changes are recommended.

ON THE ROAD: Visiting the Mountain West

NASCUS President & CEO Lucy Ito is visiting the Mountain West, stopping in Las Vegas, Nev., to visit Silver State Credit Union (and President and CEO Scott Arkills), and WestStar Credit Union (and President & CEO Rick Schmidt); she also stopped in to visit with Nevada Financial Institutions Division Commissioner George Burns and his staff. Next stop: participating in a breakout session at Utah Credit Union Association’s annual meeting in Layton, Utah.

BRIEFLY: Changes in Arizona; NASCUS 101 around the corner; Summit discount

Tami Smull has left the Arizona Department of Financial Institutions as division manager for a position in the private sector, after 10 years of service. Marie Corral has been named division manager, credit unions for the department … just a little more than two more weeks until the free “NASCUS 101” live webinar April 30 from 2-3 p.m. ET featuring an overview of the benefits of membership. Learn about the NASCUS commitment to the industry and gain a better understanding of the association’s unique role in the credit union system … Speaking of big events, the NASCUS 2018 State System Summit July 16-19 in Orlando, Fla. (at Disney Yacht and Beach Club) is fast approaching. A unique event bringing together credit union regulators and practitioners for mutual exchange and dialog, the Summit features four days of programming and discussion exclusively about the state credit union system. See the link below for more information and registration.

NASCUS 101 Orientation/Onboarding Webinar Outline; April 30 2 p.m. ET

NASCUS 2018 State System Summit, July 16-19 (Orlando), info and registration

Information Contact:
Patrick Keefe, [email protected]

For more information about NASCUS's news and/or public relations, please contact our Marketing and Communications Department.