July 26, ’19 NASCUS Report

In wake of hearing, NASCUS seeks legislation
for secure service to cannabis businesses

Congress must swiftly pass legislation to ensure credit unions in states that have legalized cannabis use may continue to provide secure financial services to legal businesses of their members dealing with the substance, NASCUS said this week in the wake of a Senate hearing on the subject.

The Senate Banking Committee heard from fellow senators, credit union and bank witnesses, cannabis-related business owners and others in the hearing “Challenges for Cannabis and Banking.” For the most part, the hearing witnesses (including Sens. Corey Gardner, R-Colo., and Jeff Merkley, D-Oregon) made it clear that financial institutions should be able to provide financial services to legal cannabis businesses in their states.

In a statement following the hearing, NASCUS President and CEO Lucy Ito noted the state credit union system shares their concerns. “Without access to the financial system, cannabis businesses have to operate in cash, which poses public safety issues and fraud risks,” Ito said.

The NASCUS leader called the Senate hearing “an important first step.” However, she added that Congress needs to act. “We once again call on Congress to swiftly pass legislation that would ensure credit unions can serve their members and meet the needs of their communities by providing secure, financial services,” she stated.

Her statement also noted that the NASCUS Regulator Board and Credit Union Advisory Council recently approved a cannabis banking policy that moves NASCUS from merely calling for clarification—permissible or impermissible—to explicitly supporting federal legislation allowing financial institutions to provide financial services to state authorized cannabis businesses and to third-party businesses that serve the cannabis businesses.


Up to $700 million in monetary relief and penalties would be provided in a settlement between credit reporting agency Equifax and the CFPB and other federal and state agencies, the agencies said this week. The bureau was joined by the Federal Trade Commission (FTC), 48 states, the District of Columbia and Puerto Rico in announcing the agreement with Equifax. According to the agencies, the settlement (if agreed to by a federal court) would provide up to $425 million in monetary relief to consumers, a $100 million civil money penalty, and other relief.

The settlement is in response to a complaint and proposed stipulated judgment filed in federal district court in the Northern District of Georgia by the CFPB. The bureau alleged that Equifax engaged in unfair and deceptive practices in connection with the September 2017 data breach of Equifax’s systems that, the bureau said, affected approximately 147 million consumers. The bureau said the breach resulted in exposure of consumers’ sensitive personal information, including names, addresses, social security numbers, and dates of birth.

According to CFPB, the settlement requires Equifax to establish a consumer fund with up to $425 million available to provide affected consumers “with a broad array of redress.”

The fund, the agency said, would be used to provide reimbursements to affected consumers for time and money they spent related to the breach. If approved by the court, CFPB said, affected consumers may be eligible to receive money by filing one or more claims for up to $20,000 per consumer for lost time and money.

The bureau said all affected consumers would be eligible to receive at least 10 years of free credit-monitoring, at least seven years of free identity-restoration services, and, beginning Dec. 31, 2019 and for the next seven years, all U.S. consumers may request up to six free copies of their Equifax credit report during any 12-month period.

CFPB said the free copies would be provided to requesting consumers in addition to any free reports to which they are entitled under federal law.

If consumers choose not to enroll in the free credit monitoring product available through the settlement, they may seek up to $125 as a reimbursement for the cost of a credit-monitoring product of their choice.

CFPB, FTC and States Announce Settlement with Equifax Over 2017 Data Breach


The CFPB late Thursday issued an advance notice of proposed rulemaking (ANPR) that asks, among other things, whether a direct measure of a consumer’s personal finances – such as debt-to-income (DTI) ratio – should be retained as a requirement for the rule’s safe harbor after a temporary rule provision treating agency-backed mortgages as “qualified mortgages” (QMs) expires in early 2021.

The bureau’s ANPR asks this and other questions related to the expiration of the temporary QM provision – also known as the “GSE patch” – applicable under the bureau’s ability-to-repay/qualified mortgage (ATR/QM) rule to certain mortgage loans eligible for purchase or guarantee by the government-sponsored enterprises (GSEs), Fannie Mae and Freddie Mac. The provision is scheduled to expire Jan. 10, 2021.

The rule provides QM loans a safe harbor from liability (or presumption of compliance with the rule’s ATR requirements). A QM  complies with the rule’s 43% cap on a consumer’s DTI ratio, but a loan underwritten to satisfy the temporary QM provision, the “GSE patch,” is not required to meet that cap.

The bureau says it plans to allow the GSE patch to expire in January 2021, or after a short extension if necessary “to facilitate a smooth and orderly transition away” from it.
The ANPR invites comments on possible amendments to the ATR/QM rule, including whether to revise Reg Z’s definition of a qualified mortgage in light of the GSE patch’s scheduled expiration.

One of the issues for comment is whether the QM definition should retain a direct measure of a consumer’s personal finances – for example, a DTI ratio – and whether the definition should include an alternative method for assessing financial capacity.

The ANPR is out for comment for 45 days following its publication in the Federal Register.

Consumer Financial Protection Bureau Releases Qualified Mortgage ANPR


Clear communication from CFPB and the federal banking regulators (including NCUA) on appropriate use of alternative data in the underwriting process would bring fintech lenders greater certainty about their compliance with fair lending and other consumer protection laws, a witness for the congressional watchdog told a House task force Thursday.

In the testimony, Governmental Accountability Office’s (GAO) Lawrance L. Evans, Jr., managing director for financial markets and community investment, said that better communication would help federally regulated banks and credit unions better manage the risks associated with partnering with fintech lenders that use these data. “Additionally, this communication might allow fintech lenders and their bank partners to innovate and expand access to credit through the responsible use of alternative data,” he said.

Evans’ testimony was essentially a recounting of a study released last December by GAO regarding clarification on lenders’ use of alternative data. The Financial Services Committee’s Task Force on Financial Technologyheld a hearing Thursday on “Examining the Use of Alternative Data in Underwriting and Credit Scoring to Expand Access to Credit.”

In developing last year’s report, GAO said it talked to all of the federal financial institution regulators, including NCUA, and others. In their final report, the GAO noted that CFPB and the financial institution regulators have monitored fintech lenders’ use of alternative data by collecting information and developing reports on alternative data, but they have not provided lenders and financial institutions they supervise with specific guidance on using the data in underwriting.

Thursday’s testimony asserted that last year’s report recommended that regulators communicate in writing to fintech lenders and financial institutions that partner with fintech lenders on the appropriate use of alternative data in the underwriting process. GAO said the regulators concurred with the recommendation and said they all planned to take action on it.

Financial Technology: Agencies Should Provide Clarification on Lenders’ Use of Alternative Data


Credit union regulators from around the globe gathered in Chicago this week in a conference co-hosted by NASCUS and NCUA to discuss key issues – including cyber security, fintech developments and regtech initiatives. Among those in attendance at the annual conference of the International Credit Union Regulators’ Network (ICURN) — and participating in panel sessions on the 21st century credit union charter and mergers and acquisitions — were: NASCUS Regulator Board Chairman (and commissioner of the Texas Credit Union Department) John Kolhoff, NASCUS CEO (and ICURN Board member) Lucy Ito, Superintendent of Iowa Division of Credit Unions Katie Averill and Director of the Illinois Division of Financial Institutions Francisco Menchaca. The conference – a three-day event this year – is the largest annual international gathering of financial cooperative supervisors. It focuses on the latest trends and methodologies in supervision among its members around the world.

(In the photos (at left): NASCUS Regulator Board Chairman John Kolhoff and NASCUS President and CEO Lucy Ito participate in a panel discussion. (At right): Irish regulators (from the Central Bank of Ireland) discuss the plan for restructuring Irish credit unions.)

International Credit Union Regulators’ Network (ICURN)


Key sessions at the upcoming NASCUS 2019 State System Summit (Aug. 13-16 in San Francisco) are on the agenda, and final preparations for those sessions in the works, as the countdown to the annual event enters its final three weeks.

The NASCUS State System Summit – featuring more than 18 hours of educational sessions covering a wide variety of topics of specific interest to the state credit union system during its four-day run at Westin St. Francis San Francisco Hotel on Union Square – is the annual conference for NASCUS, bringing together senior credit union regulators and practitioners in a unique event for mutual exchange and dialog.

Among the top sessions scheduled at this year’s Summit are:

  • The Credit Union of the Twenty-First Century (presented by Dr. Stephen Rea, Postdoctoral Scholar, Department of Anthropology, University of California, Irvine) will look at how credit unions can prepare for the future by developing and deepening four models for the provision of consumer financial services: relationship banking, ambient banking, automated banking, and concierge banking.
  • Using Enterprise Risk Management (ERM) to Fuel Success (presented by Ancin Cooley, Principal, Synergy Credit Union Consulting) will make the case for why creating an ERM focused culture is an imperative for today’ credit unions, particularly as effective ERM is often the lynchpin of credit union sustainability and profitability.
  • CBD and Hemp Banking: The Next Frontier (presented by Deirdra O’Gorman, CEO, DX Consulting and Empyreal Logistics) will cover the current state of federal legislation regarding the status of cannabidiol (CBD) and hemp companies, and considerations for credit unions and other financial institutions currently banking or looking to bank these businesses.
  • Legislative Challenges and Opportunities (presented by Larry Blanchard, Public Affairs Consultant, CUNA Mutual Group; and, Megan Balogh, Director, Corporate & Legislative Affairs, CUNA Mutual Group) will share insights from two veterans of federal and state legislative advocacy on issues including privacy, cybersecurity, tax matters and the evolution of government sponsored enterprises (GSEs).

Also on the agenda for this year’s Summit:

  • A presentation by the winner of the “The Next Big Idea” awarded by the National Association of Credit Union Service Organizations (NACUSO). This year’s winner is Zogo Inc., which is building a “white-labeled” financial wellness application for smart phones which the firm says is backed by science to help teenagers become better at personal finance.
  • A ceremony honoring the 2019 Pierre Jay Award winner, Mary Hughes, acting director for the Idaho Department of Finance. The annual award – which recognizes individuals who best demonstrate outstanding service, leadership and commitment to NASCUS and the dual chartering system – honors Hughes’ career commitment to advance the state credit union system.
  • Remarks by NCUA Board Chairman Rodney Hood, and a ceremonial signing by the chairman of a new document of cooperation between the federal agency, NASCUS and state supervisory authorities (SSA)

Agenda, registration: 2019 NASCUS State System Summit


Fraud prevention – including its impact on the management of a credit union or any financial institution – is getting its fair share of attention lately, including by federal banking regulators, and by NASCUS with its upcoming school on the subject next month.

Case in point about the attention the subject is gaining: This week, the Office of the Comptroller of the Currency (OCC) issued a bulletin (OCC 2019-37) to national banks and thrifts, advising that institutions with significant and far-reaching retail-oriented business activities should have well-documented fraud risk management programs with appropriate monitoring, measurements and reporting, and mitigation.

The bulletin also stresses that “strong governance is of paramount importance to controlling the bank’s exposure to fraud,” and asserts that strong corporate culture against fraud is crucial for any size bank or its complexity.

“The tone at the top sets the foundation on which the bank operates,” the bulletin states. “The board and senior management have a responsibility to lead by example and demonstrate that the bank is serious about promoting ethical behavior to deter and prevent fraud. The board-adopted code of ethics (or code of conduct) should encourage the timely communication and escalation of suspected fraud through the appropriate oversight channel.”

The Aug. 27 NASCUS Fraud School – held in Ann Arbor, Mich. – will look at leadership responsibilities such as those in preventing fraud and more. That includes identifying and preventing occurrences of internal fraud through employee deception, dishonesty, and embezzlement schemes. In addition, real-life loss scenarios, identification of key warning signs, and discussion of which loss controls should be implemented to hold individuals responsible for their actions and minimize operational and reputational risk will also be addressed.

OCC Bulletin 2019-37: Fraud Risk Management Principles

NASCUS 2019 Fraud School, Aug. 27 (Ann Arbor, Mich.)

BRIEFLY: New leader at CT League has strong state creds

Welcome to Bruce Adams, new president and CEO of the Connecticut Credit Union League, a NASCUS member, who will take his seat Aug. 19. He succeeds Jill Nowacki, who has left for a position at another organization. Adams has strong state credentials: he is now the deputy commissioner of the state’s Department of Revenue Services. Before that, he was general counsel for the state’s lieutenant governor, providing legal, policy, and strategic counsel. He has also served as general counsel to the Connecticut Department of Banking, where he developed and executed agency policy and legislation, oversaw the agency’s enforcement activity, and supervised the government relations and consumer affairs units.

Information Contact:
Patrick Keefe, [email protected]

For more information about NASCUS's news and/or public relations, please contact our Marketing and Communications Department.