NASCUS Summary of the OIG NCUA Semiannual Report to Congress

On May 30, 2023, NCUA’s Office of Inspector General issued its semiannual report to Congress covering the six-month period October 2022 through March 2023.

The report provided a general recap of the NCUA’s, and its OIG’s, activities over the six-month period, including: highlights of the conditions present in the federally insured credit union industry, structural changes within NCUA, legislative highlights, audit activity, as well as a listing of unimplemented MLR or Audit recommendations outstanding.


Highlights of the report NASCUS believes most relevant, with report page reference for detailed review, include:

AMAC Reestablished as an Independent Office
Page 6

  • On December 1, 2022, the Asset Management and Assistance Center (AMAC) was pulled out of the Southern Region and made into an independent office under the Field Program Offices.  Offices are still located in Austin, Texas.  Previous Deputy Cory Phariss (formerly under Southern Region Director Keith Morton) was named AMAC’s new president and now provides independent advisement to the NCUA Board on managing recoveries for the NCUSIF, implementing liquidation payouts, etc.

Charles Vice Selected as Director of Financial Technology and Access
Page 6

  • On January 3, 2023, former Kentucky Commissioner Charles Vice was named the Director of Financial Technology and Access, a newly established office created to advise the NCUA Board on fintech developments, cryptocurrency, blockchain and distributed ledger technology as well as methodologies to enhance NCUA’s virtual supervision processes and promote technology and other innovations in the industry.

OIG-22-07 FY 2022 Independent Audit of the NCUA’s Compliance with FISMA 2014
Page 13

  • CliftonLarsonAllen (CLA) performed a review of 20 OMB required core metrics in five security function areas (Identify, Protect, Detect, Respond, and Recover) to determine the effectiveness of the NCUA’s information security program (ISP) and the respective maturity levels.  CLA concluded the NCUA ISP achieved an overall Level 4 – Managed and Measurable maturity level, complied with FISMA, and achieved the minimum to be considered effective overall.  Weaknesses noted included the ineffective implementation of a subset of selected controls, especially four new weaknesses that fell in the risk management, identity, access management, and configuration management domains of the FY 2022 core metrics, resulting in four new recommendations to strengthen its ISP.

NCUA Audits Currently In Progress
Page 15

  • OIG audits currently in process include: NCUA’s Contracting Officer’s Representative (COR) Program; NCUA’s BSA Act Enforcement; Preventing and Detecting Cyber Threats (firewall and SIEM solution effectiveness); NCUA’s Quality Assurance Program; and NCUA’s Federal Chartering Activities.

Unfulfilled Recommendations Currently Outstanding

  • A material number of the unaddressed recommendations outstanding relate to NCUA Information Technology Systems and/or continuity of operations.  The following is not an exhaustive list of recommendations outstanding but those considered most substantial.

OIG-22-09 Audit of the NCUA’s Continuity of Operations Program (COOP)
Page 14

  • As the result of a self-initiated audit of the NCUA’s COOP, it was determined a full failover test of NCUA’s IT network should be initiated to ensure potential weaknesses are identified and corrected.  Further, the Office of Continuity and Security Management (OCSM) and the Office of the Chief Information Officer (OCIO), the two main offices involved in the COOP and security matters, should work to improve communications between their respective offices.  Four recommendations within the report were provided to address the issues identified.

Material Loss Review Significant Recommendations on Which Corrective Action Has Not Been Completed
Page 17

  • OIG-18-07 FY2018 Federal Information Security Modernization Act Compliance, recommendation #8 – Enforcement of policy to remediate patch and configuration related vulnerabilities within agency defined timeframes.
  • OIG-22-06 Audit of the NCUA’s Minority Depository Institutions Preservation Program, Recommendation #2 – Implement and document appropriate policies and procedures to validate whether minority depository institutions continue to meet the minority depository institution definition.

Unfulfilled Recommendations Over 6 Months Old
Page 18

  • OIG-18-07 FY2018 Federal Information Security Modernization Act Compliance, Recommendation #6 – OCSM to complete employee background reinvestigations; #8 – Enforcement of policy to remediate patch and configuration-related vulnerabilities within agency defined timeframes; #9 – OCIO to implement a process to detect and migrate unsupported software to supported platforms; #10 – OCIO to implement a process to identify authorized software in its environment and remove unauthorized software.
  • OIG-19-10 NCUA Federal Information Security Modernization Act of 2014 Audit; Recommendation #4 – Implement, test, and monitor standard baseline configurations for all platforms in the NCUA IT environment in compliance with established NCUA security standards and document approved deviations from the baseline.
  • OIG-21-06 Audit of the NCUA’s Governance of Information Technology Initiatives, Recommendation #1 – Document and publish IT Investment Management policies and procedures to include definitions, roles, responsibilities, and processes associated with IT governance and selecting, controlling, and evaluating information technology investments.
  • OIG-21-09 NCUA Federal Information Security Modernization Act of 2014 Audit, Recommendation #1 – Review Supply Chain Risk Management NIST guidance and update plans, policies, and procedures; Recommendation #2 – Document and implement a plan to deploy multifactor authentication to address increased risks with personnel teleworking without a PIV card; Recommendation #5 – Complete and issue policies to implement the Controlled Unclassified Information (CUI) program; Recommendation #7 – Redacted recommendation under 5 U.S.C. 552 (b)(7)(E).

Recommendations for Corrective Action Made During the Reporting Period
Page 21

  • OIG-22-07 NCUA Federal Information Security Modernization Act Audit, Recommendation #1 – Enforce the process to validate that expired MOUs and those expiring are prioritized for review, update, and renewal; Recommendation #2 – Conduct a workload analysis with OCIO and document a staffing plan to allocate sufficient resources to improve its ability to perform remediation of persistent vulnerabilities caused by missing patches, configuration weaknesses, and outdated software; Recommendation #3 – Analyze technologies employed within NCUA operational environment and document a plan to reduce the wide variety of different technologies requiring support and vulnerability remediation; Recommendation #4 – Implement a solution that resolves the privileged access management vulnerability.

OIG-22-09 Audit of NCUA’s Continuity of Operations Program

Report on Non-Material Losses to the NCUSIF
Page 22

  • Over the covered six-month period, limited reviews were performed of four failed credit unions that incurred losses to the fund in amounts less than $25 million.  The initial reviews indicated none of the losses warranted conducting additional audit work because either (1) the circumstances were not unusual or (2) the reasons identified for failure are already addressed in recommendations to the agency in the MLR Capping report or other MLR reports.

May 26, 2022  — The board meeting opened with a moment of silence in light of the recent tragedies across the country. The meeting agenda included one item for discussion – NCUA’s quarterly update on the National Credit Union Share Insurance Fund.

The Share Insurance Fund reported a net income of $54.4 million and a net position of $20.4 billion for the first quarter of 2022. The Fund’s total assets decreased to $20.6 billion at the end of the quarter from $20.7 billion at the end of the fourth quarter of 2021.

“The Share Insurance Fund continued to perform well in the first quarter,” NCUA Chairman Todd M. Harper said. “Quarterly net income rose by approximately $42 million due to the continued reduction of expected losses associated with the remaining legacy assets of the Corporate System Resolution Program. That is positive news. We are now seeing a normalization of the Share Insurance Fund’s performance to what it was before the Board decided to fold the Temporary Corporate Credit Union Stabilization Fund into the Share Insurance Fund.”

There were two credit union failures in the first quarter, and in both, fraud was a contributing factor. The board noted that as a remote posture continues for many across the industry, the continued concern over fraud remains top of mind.

The NCUSIF equity ratio is projected to be 1.25% for the period ending June 30, 2022. While not at the statutory level of 1.3%, it is not at a level low enough to trigger the requirement for a premium assessment.

“Although the equity ratio sits below an ideal level, it remains relatively stable,” said Chairman Harper. “Nevertheless, we continue to see a slow, steady decline of the equity ratio due to continued elevated insured share growth and low interest rates, at least from a historical perspective. As such, the NCUA Board must continue to monitor the Share Insurance Fund’s performance and remain ready to act. Such monitoring includes assessing the effects of the changing interest-rate environment on the Fund’s portfolio.”

It was reported that they are now seeing a normalization of share insurance performance. The equity ratio remains relatively stable, but the NCUA board must continue to monitor its performance:

  • Assessing effects of the interest rate environment
  • Investment portfolio is valued based on the market
  • Changes in the value of assets are expected
  • Unrealized losses do not impact ratio nor trigger requirement for premium assessment

Additionally, the NCUA is working with its Investment Committee to develop a new Investment Policy, which is expected to be presented to the Board by Q4 2022. The NCUA is also adjusting its investment strategy from a 7-year to a 10-year ladder due to the rate environment.

At the Q2 NCUSIF update, it was noted that the report will include the data from the implementation of the “S” Sensitivity rating to the CAMELS rating. It was also discussed and noted that NCUA is developing guidance for examiners to work with credit unions regarding the sensitivity to market risk and will continue to treat all credit unions equitably.

Finally, the Board gave a quick update on the latest NCUA LTCU 2022-CU-07.

NCUA expects CUs to exercise sound judgment and that the considerations in the letter should not be considered all-inclusive. The Board expects the letter to lead to follow-up conversations and the NCUA expects greater FinTech rulemaking in the future.


The Fed’s Board of Governors released the May 2022 Financial Stability Report, which presents key insights into the state of the American economy. What did the Federal Reserve’s latest decisive document reveal?

Monday, May 9, the central bank of the United States shared its biannual report on the national financial system. While the report’s purpose is to assess the resilience of the U.S. economy, it also identifies and measures significant risks.

In the most recent edition, the Fed Financial Stability Report warns of “increased uncertainty about the economic outlook.”

Important takeaways from the Fed Financial Stability Report

As of May 2022, the Federal Reserve has identified a series of risks contributing to market liquidity decline:


The Senate confirmed economist Lisa Cook on Tuesday to serve on the Federal Reserve’s board of governors, making her the first Black woman to do so in the institution’s 108-year history.

Her approval was on a narrow, party-line vote of 51-50, with Vice President Kamala Harris casting the decisive vote.

Senate Republicans argued that she is unqualified for the position, saying she doesn’t have sufficient experience with interest rate policy. They also said her testimony before the Senate Banking Committee suggested she wasn’t sufficiently committed to fighting inflation, which is running at four-decade highs.

Cook has a doctorate in economics from the University of California, Berkeley, and has been a professor of economics and international relations at Michigan State since 2005. She was also a staff economist on the White House Council of Economic Advisers from 2011 to 2012 and was an adviser to President Biden’s transition team on the Fed and bank regulatory policy.

Some of her most well-known research has focused on the impact of lynchings and racial violence on African American innovation.

Cook is only the second of Biden’s five nominees for the Fed to win Senate confirmation. His Fed choices have faced an unusual level of partisan opposition, given the Fed’s history as an independent agency that seeks to remain above politics.

Some critics charge, however, that the Fed has contributed to the increased scrutiny by addressing a broader range of issues in recent years, such as the role of climate change on financial stability and racial disparities in employment.

Biden called on the Senate early Tuesday to approve his nominees as the Fed seeks to combat inflation.

“I will never interfere with the Fed,” Biden said. “The Fed should do its job and will do its job, I’m convinced.”

Fed Chair Jerome Powell is currently serving in a temporary capacity after his term ended in February. He was approved by the Senate Banking Committee by a nearly unanimous vote in March.

Fed governor Lael Brainard was confirmed two weeks ago for the Fed’s influential vice chair position by a 52-43 vote.

Philip Jefferson, an economics professor and dean at Davidson College in North Carolina, has also been nominated by Biden for a governor slot and was approved unanimously by the Finance Committee. He would be the fourth Black man to serve on the Fed’s board.

Biden has also nominated Michael Barr, a former Treasury Department official, to be the Fed’s top banking regulator, after a previous choice, Sarah Bloom Raskin, faced opposition from West Virginia Democratic Sen. Joe Manchin.

Cook, Jefferson, and Barr would join Brainard as Democratic appointees to the Fed. Yet most economists expect the Fed will continue on its path of steep rate hikes this year.


Courtesy of NPR/Associated Press

May 10, 2022 — Customer satisfaction in the U.S. is now at its lowest level in 17 years, sliding 0.1% to a score of 73.2 (out of 100) in the first quarter of 2022, according to the national American Customer Satisfaction Index (ACSI®).

Rarely has the U.S. economy faced as many challenges as it does today. While it would not be surprising that GDP growth might slow due to falling customer satisfaction, this is actually not what’s happening now.

It’s true that customer dissatisfaction has a dampening effect on discretionary household spending. It’s also true that household spending is the largest component of GDP. However, GDP, which contracted by 1.4% in the first quarter, didn’t fall due to weak consumer spending. On the contrary, annual consumer spending has been strong because of pent-up demand due to COVID-19 and because it was financed by robust household savings. GDP shrank because of weak exports. Long term, however, household savings cannot be a major source of consumption funding.

If adjusted for inflation, and once inflation itself is adjusted for the service and product quality deterioration reflected in ACSI, consumer spending will no longer prop up GDP. Supply chain problems will continue. Labor shortages will also be a factor in the foreseeable future. Both contribute to more inflation.

“Global trade, and especially international supply chains, will continue to be disrupted. Combined with the prolonged customer satisfaction decline, it’s evident the U.S. faces complicated economic challenges,” said Claes Fornell, founder of the ACSI and the Distinguished Donald C. Cook Professor (emeritus) of Business Administration at the University of Michigan. “If households continue to use savings to finance consumption, it might neutralize some of the economic pressures in the short term, but it will also create a very different economy – one where demand continues to exceed supply. And that’s not sustainable because it fosters monopoly tendencies in the sense that it will matter less if customers are satisfied or not: Sellers will continue to gain pricing power, which further fuels inflation, and buyers compete with one another while sellers don’t compete much at all.”

The Changing Climate for Credit Unions

Climate change is one of the most important—if not the most important—challenges of the twenty-first century. Transformational change is necessary to confront and adapt to the increasingly severe impacts of climate change. Credit unions are in a unique position to aid in this transformation.

EXECUTIVE SUMMARY
Credit unions are an integral part of the U.S. consumer finance system, offering an important alternative to commercial banks and nonbank financial service providers. As a result, credit unions have an essential role to play as financial system stakeholders mobilize to address climate change and the challenges it creates, and ultimately, as the United States undertakes a transition to a net-zero carbon emission economy.

This research report offers an overview of the implications of climate change for credit unions, and recommendations for more effective climate risk management. It describes the climate-related physical and transition risks facing credit unions, the potential impact of climate change on credit unions, the current state of credit union approaches to climate change, and the opportunities available for credit unions from climate adaptation finance. It also provides concrete recommended actions that individual credit unions can take to begin to measure and mitigate the impacts of climate change on their organizations and the credit union system.

Now is the time for credit unions to double down on driving equitable financial services in our most vulnerable communities. Experience shows that credit unions most responsive to member needs during or immediately after climate crises are rewarded with member growth, visibility, and loyalty. Preparing now to cushion blows with flexible financing can be critical to the long-term sustainability of the institution and community.

This report offers an overview of the implications of climate change for credit unions, the risks facing credit unions, and the opportunities available for credit unions to adapt their strategies toward advancing climate solutions. Download the report and learn more about your credit union’s role in combating climate change.

Courtesy of Filene Research Institute

The tech giant is working with fintech CNote to help underserved communities.

The multinational technology company Apple, maybe best known for the iPhone, announced Thursday that it is working with fintech company CNote to deploy $25 million of its own money into community development financial institutions (CDFIs), low-income designated credit unions and minority depository institutions (MDIs).

According to a statement, the $25 million infusion is part of Apple’s “broader Racial Equity and Justice Initiative, an effort to address systemic racism in America and expand opportunities for communities of color.”

Apple is using the fintech company CNote to disperse the funds to several credit unions and community banks across the country. According to CNote, the credit unions receiving the funds include the following:

  • ANECA Federal Credit Union in Louisiana;
  • Education Credit Union in Texas;
  • Hope Credit Union, which serves Alabama, Arkansas, Louisiana, Mississippi and Tennessee;
  • Kaua’i Federal Credit Union in Hawai’i;
  • Latino Community Credit Union in North Carolina; and
  • Self-Help Federal Credit Union with locations in California, Illinois, Washington and Wisconsin.

“We’re committed to helping ensure that everyone has access to the opportunity to pursue their dreams and create our shared future,” Lisa Jackson, Apple’s vice president of Environment, Policy and Social Initiatives, said. “By working with CNote to get funds directly to historically under-resourced communities through their local financial institutions, we can support equity, entrepreneurship and access.”

“Corporations have an enormous opportunity to help communities across the U.S. thrive by changing the way they manage their cash reserves, and we’re excited to see Apple at the forefront of this emerging trend,” Catherine Berman, CEO of CNote, said. “Through our platform, we have already started moving Apple deposits into low-income communities and communities of color.”

According to CNote, the company has already deployed an initial round of Apple’s deposits to those institutions.

Article “Apple Pumps $25 Million Into Credit Unions & MDIs” Courtesy of Michael Ogden, Credit Union Times

Two senators are raising concerns following an announcement by Fidelity that it will allow customers to allocate bitcoin to their 401(k) retirement accounts.

Sen. Elizabeth Warren (D-MA) and Sen. Tina Smith (D-MN) have sent a letter to Fidelity that cites the volatile nature of bitcoin and that asks the company how it plans to deal with “significant risks such as fraud, theft, and loss” posed by the leading cryptocurrency. “Investing in cryptocurrencies is a risky and speculative gamble, and we are concerned that Fidelity would take these risks with millions of Americans’ retirement savings,” the letter states.

The letter goes on to state that “bitcoin’s volatility is compounded by its susceptibility to the whims of just a handful of influencers,” and it specifically cites Elon Musk. In addition, the letter asks why Fidelity disregarded the Department of Labor’s (DOL) concerns.

Available in 2023

Boston-based Fidelity Investments had earlier announced it will begin to offer bitcoin as an investment option in its 401(k) plans by the middle of 2023.

Fidelity is the largest 401(k) plan provider in the United States, acting as custodian for 23,000 plans, which have 20.4 million participants. In total, those plans represent $2.7 trillion in assets under management, according to the company.

It is also the first major 401(k) provider to offer cryptocurrency as an investment for retirement savers.

“The bitcoin option, however, will only be on offer to participants whose employers have elected to include it in their plan,” CNN reported, adding Fidelity did not specify how many employers have already signed on.

“But we have a number of clients that have committed and a number of others in the evaluation process,” said Dave Gray, Fidelity’s head of workplace platforms and products.

He expects to hear from more clients now that Fidelity has publicly announced the news, according to CNN.

“As with any other investment in a 401(k) plan, participants can elect to direct a portion of their regular savings contributions into what will be known as their digital asset account (DAA) where their bitcoin will be held,” CNN reported. “They also can elect to transfer money to their DAA from another investment they have within the plan. And they can take distributions from that account.”

Limits to be Set

“But limits will be set on how much they can contribute. Fidelity won’t allow any employer to set that limit higher than 20%,” Gray told CNN. “But employers may set the limit much lower, for example 5%. And that limit will also apply to how much money an employee can transfer into their DAA as a percentage of the 401(k)’s total assets.”

There will also be a limit set on how frequently one can make “round-trip trades” into or out of the account. “We designed this from the point of view of investors that look at bitcoin as a long-term retirement savings opportunity. It’s not for intraday trading or someone looking to trade on market swings,” Gray told the news outlet.

The report notes there will be a trading fee, which has yet to be announced. And the annual fee for the administration will be between 75 and 90 basis points of the assets in the account. That’s for custody, accounting and administration of the DAA, Gray added.

Fidelity is also providing plan sponsors with materials and tools to educate participants about the risks and volatility inherent in investing in bitcoin.

Labor Department Warning

The Labor Department has issued a warning that retirement accounts must meet the minimum standards of protection for participants set by the Employee Retirement Income Security Act. The Labor Department said it is very concerned about the prospect of 401(k) participants being exposed to the extreme volatility of crypto trading.

Bitcoin, currently trading just under $40,000, is down nearly 27% in the past 12 months, and is down about 15% this year alone.

Senators Demand Answers from Fidelity Over Plan to Allow Bitcoin As Part of 401(k) Accounts Article courtesy of CUToday.info

Courtesy of Matthew Boesler and Steve Matthews, Bloomberg

  • Interest-rate increase marks largest upward move since 2000
  • Stocks rally as Powell pushes back on 75 basis-point Fed move

The Federal Reserve delivered the biggest interest-rate increase since 2000 and signaled it would keep hiking at that pace over the next couple of meetings, unleashing the most aggressive policy action in decades to combat soaring inflation.

The U.S. central bank’s policy-setting Federal Open Market Committee on Wednesday voted unanimously to increase the benchmark rate by a half percentage point. It will begin allowing its holdings of Treasuries and mortgage-backed securities to decline in June at an initial combined monthly pace of $47.5 billion, stepping up over three months to $95 billion.

“Inflation is much too high and we understand the hardship it is causing and we are moving expeditiously to bring it back down,” Chair Jerome Powell said after the decision in his first in-person press conference since the pandemic began. He added that there was “a broad sense on the committee that additional 50 basis-point increases should be on the table for the next couple of meetings.”

Powell’s remarks ignited the strongest stock-market rally on the day of a Fed meeting in a decade, as he dashed speculation that the Fed was weighing an even larger increase of 75 basis points in the months ahead, saying that it is “not something that the committee is actively considering.”

Fed's balance sheet is equivalent to a third of the size of U.S. GDP

Wednesday’s increase in the FOMC’s target for the federal funds rate, to a range of 0.75% to 1%, follows a quarter-point hike in March that ended two years of near-zero rates to help cushion the U.S. economy against the initial blow from Covid-19.

Goldman Sachs Group Inc. economists led by Jan Hatzius revised up their forecast following Powell’s remarks to include a 50 basis-point increase in July, in addition to the half-point move they already expected in June.

“A fourth 50 basis point rate hike is possible in September too, but we are maintaining our forecast that the FOMC will revert to 25 basis point hikes at that point until we see additional data,” they wrote in a note to clients. “We have not changed our terminal rate forecast of 3%-3.25%, but we now expect to reach that rate” by the second quarter of next year, three months earlier than they previously predicted.

Policy makers, who widely signaled their intention to step up the pace of rate increases, are trying to curb the hottest inflation since the early 1980s. Back then, Chair Paul Volcker raised rates as high as 20% and crushed both inflation and the broader economy in the process. The Fed’s hope this time around is that the combination of higher borrowing costs and a shrinking balance sheet will deliver a soft landing that avoids recession while tamping down inflation.



Google is offering a new tool to anyone who doesn’t want their phone number, email or street address and other personal information to be found online: People can ask for their contact details to be stripped from search results.

“The availability of personal contact information online can be jarring,” said Michelle Chang, Google’s global policy lead for search, as she recently announced the change. She noted that the data could result in “unwanted direct contact or even physical harm.”

The new policy sharply lowers Google’s bar for removing data from search results. While it previously offered to scrub personal and financial information in cases of a real or potential threat — such as doxxing or identity theft — the company says people can now ask for their information to be removed even if there’s no clear risk.

You can fill out a form to take your contact info out of search results

Anyone wanting to submit a removal request can use a special online form that walks users through the process. It asks for things like the URL of any webpages displaying your personal data, along with the search terms and URL of the Google search you used to find those pages. It also recommends including screenshots.

“It’s important to remember that removing content from Google Search won’t remove it from the internet, which is why you may wish to contact the hosting site directly, if you’re comfortable doing so,” Chang said.

Even with the changes, there are still a few reasons Google might deny a removal request. They mainly deal with information that is deemed “broadly useful” or part of the public record, such as newsworthy data or material that’s posted to government sites or other official outlets.

Along with contact information, you can ask Google to remove results that include login credentials and other sensitive data.

Google also recently changed its policy on photos of minors

Google is expanding its policy around protecting personal information because users requested the change, Chang said. Noting the chance for malicious use of such data, she said the service is evolving along with the internet.

The new search policy comes six months after Google made another change to allow minors or their caregivers to request their images be removed from its search results. That shift came as Google and other tech companies faced criticism over their policies toward children and minors.

One of the largest early adjustments for Google’s search tools came from Europe, where a Spanish man’s case established the “right to be forgotten” in 2014. In the four years that followed, Google said, people made more than 650,000 requests to remove specific websites from its search results.


Article “You can now ask Google to take your personal data out of its search results” Courtesy of Bill Chappell, NPR