Courtesy of Jesse Coghlan, CoinTelegraph.com

The United States commodities regulator is set to take a close look at the decentralized finance space at an upcoming meeting of its tech committee, where it has also invited crypto industry executives to present.

The Commodities Futures Trading Commission (CFTC) announced on March 1 that the agenda for the March 22 meeting of its Technology Advisory Committee will include a panel on “exploring issues in decentralized finance.”

Other panels will explore responsible Artificial Intelligence (AI) development and possible threats arising from AI along with cybersecurity threats to financial markets.

CFTC commissioner Christy Goldsmith Romero said in a statement the panel has an opportunity “to look past labels and examine the issues presented by DeFi thoughtfully and holistically,” adding:

“A discussion about DeFi, including cyber vulnerabilities, indicators of ‘decentralization,’ digital identity and unhosted wallets, will contribute to ongoing policy discussions in Washington, D.C. and beyond the beltway.”

The panel will include presentations that provide an overview of the DeFi ecosystem and will discuss decentralization issues, digital identity, noncustodial crypto wallets and exploits.

Executives from crypto companies including crypto custody platform Fireblocks, security company Trail Of Bits, venture capital firm Terranet Ventures and blockchain intelligence firms TRM Labs and Metrika are slated to present during the meeting.

The meeting agenda will also include a session that considers a subcommittee on crypto and blockchain technology in another move to help cement its bid to win regulatory jurisdiction over crypto.

Last month, the CFTC’s Global Markets Advisory Committee discussed digital asset markets at its inaugural meeting.

Commissioner Caroline Pham, who oversaw the Feb. 13 meeting, said that crypto markets are “truly borderless” and urged policymakers to “understand what is happening” so the policy approach by the U.S. “does not leave Americans behind and playing catch-up.”

The CFTC has been edging for regulatory control of the burgeoning crypto sector from the Securities and Exchange Commission, with CFTC commissioners urging Congress to give the regulator oversight overcrypto.

CFTC chairman Rostin Behnam has similarly attempted to justify why the regulator should have authority over the space, saying the commission was “well positioned” to address regulatory shortfalls.

Courtesy of Anna Hrushka, BankingDive

Brief:

Newark, Ohio-based Park National Bank agreed to a $9 million settlement with the Justice Department to resolve allegations the bank engaged in lending discrimination in the Columbus metropolitan area, the agency announced Tuesday.
Park National failed to provide home loans in majority-Black and Hispanic neighborhoods in the Columbus area between 2015 and 2021, the DOJ said.
The settlement is the sixth redlining-related penalty to be levied against a lender since the DOJ, in lock-step with the Consumer Financial Protection Bureau and the Office of the Comptroller of the Currency, stepped up efforts to crack down on the practice in 2021.

All of Park National’s branches and mortgage lenders in the Columbus area were concentrated in majority-white neighborhoods, the DOJ alleges in its complaint. The $9.8 billion-asset bank failed to take any meaningful measures to compensate for its lack of physical presence in majority-Black and Hispanic communities, the DOJ said.

As part of the consent order, Park National has agreed to invest at least $7.75 million in a loan subsidy fund to increase access to credit for home mortgage, improvement and refinance loans, as well as home equity loans and lines of credit in majority-Black and Hispanic neighborhoods in the Columbus area, the agency said.

The bank will also commit $750,000 to outreach, education and credit counseling initiatives, as well as $500,000 to developing community partnerships in majority-Black and Hispanic areas, according to the DOJ.

“When banks fail to provide equal access to lending services in neighborhoods of color, they engage in modern-day redlining and exacerbate the racial wealth gap in our country,” Kristen Clarke, assistant attorney general of the DOJ’s Civil Rights Division, said in a statement Tuesday. “The Justice Department will continue to fight to fulfill the promise of our nation’s fair lending laws while tearing down the discriminatory barriers that deny Black people and other people of color access to economic opportunity and homeownership.”

Park National said it has identified proactive steps to create more opportunities to connect with prospective borrowers and has several home lending initiatives underway.

“While we disagree with any suggestion that intentional discrimination took place, we are united with the DOJ in our commitment to ensuring equal access to credit for all consumers,” Park National CEO David Trautman said in a statement Tuesday.

In a separate statement to Banking Dive, Trautman said Park National Bank “takes pride in our heritage of corporate citizenship, philanthropy, and compassionate support for all communities.”

“We condemn discrimination in any form and stand firm in our commitment to providing equal access to credit for all borrowers,” Trautman said. “We look forward to creating even more opportunities for individuals and families to achieve the dream of home ownership.”

Tuesday’s consent order follows a $31 million settlement the DOJ reached with Los Angeles-based City National Bank in January over claims the bank avoided providing mortgage-lending services to majority-Black and Hispanic neighborhoods in Los Angeles County.

The DOJ said it has levied $84 million in penalties since the launch of its Combating Redlining Initiative.

Courtesy of Harry Cooperman, Darrell Duffie, Alena-Kang Landsberg, Stephan Luck, Zachry Wang, and Yilin (David) Yang, Liberty Street Economics, Federal Reserve Bank of New York

In the United States, most commercial and industrial (C&I) lending takes the form of revolving lines of credit, known as revolvers or credit lines. For decades, like other U.S. C&I loans, credit lines were typically indexed to the London Interbank Offered Rate (LIBOR). However, since 2022, the U.S. and other developed-market economies have transitioned from credit-sensitive reference rates such as LIBOR to new risk-free rates, including the Secured Overnight Financing Rate(SOFR). This post, based on a recent New York Fed Staff Report, explores how the provision of revolving credit is likely to change as a result of the transition to a new reference rate.

Revolving Credit and Bank Funding Risk

As of January 10, 2021, the twenty largest U.S. bank holding companies had around $2 trillion of credit line commitments, of which approximately $1.5 trillion were committed but remained undrawn. Credit lines give companies the option to borrow funds at a pre-agreed fixed spread over a floating reference rate. When borrowers draw on their lines, banks need to source the required cash—sometimes by borrowing in wholesale funding markets. Because credit line drawdowns tend to be larger when funding markets are stressed, the provision of revolving credit is associated with a funding risk.

During the global financial crisis (GFC) and the COVID recession, firms drew heavily on their credit lines and bank wholesale funding costs rose sharply, while risk-free rates fell. Our measure of bank funding spreads is the difference between three-month LIBOR and the three-month overnight index swap (OIS) rate, or LIBOR-OIS, which peaked at 130 basis points during the COVID shock and reached nearly 350 basis points after Lehman’s failure (see both panels below). At the same time, corporate lending increased by 20 percent at the beginning of the COVID pandemic in March 2020 and by about 6 percent following Lehman’s failure. In both periods, the increase in C&I lending was almost entirely caused by drawdowns of existing credit lines, mostly to large corporate borrowers. This correlation between line draws and bank funding costs is key to understanding the impact of reference rate transition on the provision of revolving lines of credit: the greater the covariance between these two key variables, the higher the expected cost to bank shareholders of providing credit lines.

Increase in Bank Funding Costs and Corporate Draws during the Global Financial Crisis and COVID

A two-panel Liberty Street Economics chart plots bank funding rates from the global financial crisis (GFC) and COVID-19 pandemic. During the GFC and the pandemic-led recession, firms drew heavily on their lines when bank wholesale funding costs rose sharply, while risk-free rates fell. — *Sources: Bloomberg L.P.; Federal Reserve Bank of St. Louis, FRED database.*
Notes: The panels plot bank funding rates and large bank C&I lending during the global financial crisis and the COVID-19 shock. Vertical lines mark important dates for the crises (left to right: BNP Paribas freezes funds citing problems with subprime mortgages, Lehman Brothers files for bankruptcy; World Health Organization declares COVID-19 a pandemic).

Credit-Sensitive Reference Rates and Credit Supply

Linking revolvers to credit-sensitive rates like LIBOR discourages borrowers from drawing on their credit lines when bank funding costs are high. In contrast, risk-free reference rates typically fall when markets are stressed, increasing the incentive for borrowers to draw on their lines. Thus, the transition to risk-free reference rates increases the covariance between line draws and bank funding spreads. This could raise the cost to bank shareholders of offering revolvers. In September 2019, a collection of banks wrote to bank regulators, stating:

“. . . The natural consequence of these forces will either be a reduction in the willingness of lenders to provide credit in a SOFR-only environment, particularly during periods of economic stress, and/or an increase in credit pricing through the cycle. In a SOFR-only environment, lenders may reduce lending even in a stable economic environment, because of the inherent uncertainty regarding how to appropriately price lines of credit committed in stable times that might be drawn during times of economic stress.”

In our Staff Report, we analyze a theoretical model of revolving credit provision and find that the choice of reference rates impacts the provision of credit lines. We show theoretically that bank funding of credit line draws reduces the market value of bank equity, a form of debt overhang. The debt overhang arises as bank shareholders bear a disproportionate share, relative to existing bank debt holders, of the interest expense for funding line draws by borrowing new funds. This cost to bank shareholders is larger if credit lines are drawn when bank funding costs are high relative to risk-free rates. Banks will price these anticipated debt-overhang costs into credit lines at origination. However, the increased cost to bank shareholders of offering revolvers is smaller if (1) reference rates are credit-sensitive, reducing borrowers’ incentives to draw heavily under stressed market conditions, or (2) banks expect funding costs to be lower because some of the drawn funds will be left on deposit.

We calibrate our model to show that, to the extent that debt overhang increases the cost to borrowers of obtaining revolvers, borrowers react by choosing smaller credit-line limits. In our baseline calibration, shown in the right panel of the chart below, we find that transitioning from LIBOR to SOFR implies a reduction of about 5 percent in aggregate credit line commitments. Further, while our model predicts a moderate decline in expected drawdowns of 3 percent, we find that the transition will drastically alter when credit lines are used. We find that during normal times, when bank funding spreads and LIBOR-OIS are low, the reference rate transition reduces line draws because the drawn interest rate is higher under SOFR than it would be under LIBOR (left panel of the chart). By contrast, during times of financial distress, when LIBOR-OIS rises sharply relative to SOFR, borrowers draw significantly more credit on SOFR-linked lines than they would on LIBOR-linked lines. For instance, we find that for episodes with funding spreads at the level attained during the GFC, drawdowns would be around 67 percent higher under SOFR than under LIBOR.

Effect of the LIBOR-SOFR Transition on Credit Line Prices, Aggregate Drawn Quantities, and Aggregate Credit Line Commitments

Two-panel Liberty Street Economics chart showing the effect of the LIBOR-SOFR transition on credit line prices, aggregate drawn quantities, and aggregate quantities of credit lines. — *Source: Author calculations.*
Notes: All parameters are as specified in the accompanying *Staff Report*. The horizontal dashed-dotted lines in the right panel indicate the sizes of the credit lines. Vertical lines are shown at the sample average of LIBOR-OIS (28 basis points), at the level of LIBOR-OIS reached in the COVID-19 shock of March 2020 (140 basis points), and at the level of LIBOR-OIS reached during the global financial crisis (360 basis points). The left panel shows interest rates while the right panel shows quantities drawn and/or committed.

In our calibrated model, the representative bank prices this behavior into the terms of new credit lines, and consequently the expected cost of drawn credit increases by roughly 15 basis points. The corresponding welfare loss (as measured by the sum of bank profit and borrower utility) is about 3 percent. For our representative bank, a welfare-maximizing reference rate has about 80 percent of the credit sensitivity of LIBOR. The welfare-maximal reference rate is estimated to be much closer to SOFR for banks with much lower funding costs than the representative bank in our calibration. Note that our estimates of the effects of the transition are sensitive to assumptions about important model parameters, such as the elasticity of credit demand and the likelihood of financial distress.

Bank Heterogeneity and the Role of Deposit Inflows

During the GFC, corporate borrowers drew heavily on their credit lines without depositing much of what they drew, forcing banks to raise funds at high credit spreads. However, if a significant portion of drawdowns is expected to be left on deposit at the same bank, then the expected cost to bank shareholders of providing revolvers is reduced, because corporate deposits are typically a cheap source of bank funding, even in stressed markets. To the extent that banks anticipate cheap deposit funding of line draws, they will offer revolvers at correspondingly cheaper pricing terms.

When the COVID shock occurred, large U.S. banks funded the bulk of drawdowns from relatively inexpensive sources. Across the banks in our sample, 89 percent of total corporate drawdowns were left on deposit—a very cheap source of funding. However, low-cost deposit funding of credit line draws was prevalent only among the very largest U.S. banks. At the regional banks in our sample, we estimate that only 42 percent of line draws were left on deposit. These banks turned to Federal Home Loan Banks (FHLBs) for about 40 percent of the funding needed to cover draws on revolvers. FHLB funding, while more expensive than corporate deposits, was nevertheless available at rates significantly lower than LIBOR.

In our baseline calibration, the representative bank funds drawdowns primarily, but not entirely, with wholesale unsecured borrowing. We see in the chart below that if banks expect that a larger fraction of line draws will be left on deposit, credit provision could actually increase with the transition to SOFR, both in terms of line sizes and expected amounts drawn. By contrast, if banks expect relatively little or none of the line draws to be left on deposit—more akin to the GFC experience and less than assumed in our baseline calibration—then the reference rate transition could lead to a larger decrease in credit provision than is suggested by our baseline calibration.

The Effect of Increasing the Maximal Fraction of Drawdown Deposited

Our results also imply that the reference rate transition will lead banks with low costs for funding line draws to increase spreads on revolvers by less than banks with higher funding costs. Given variation in historical funding spreads and deposit inflows, our findings thus suggest differential impacts of the reference rate transition on regional banks relative to the largest U.S. banks.

Wrapping Up

Our results suggest that the transition from credit-sensitive reference rates like LIBOR to risk-free reference rates such as SOFR is likely to increase expected borrowing costs on revolving lines of credit. This impact is smaller for banks with lower funding spreads, or even reversed if the deposit inflows that are anticipated under stressed market conditions are sufficiently large. Empirically, we find that during the COVID shock, the extent to which line draws were left on deposit was much lower at regional U.S. banks than at the largest U.S. banks. Because of this, the reference rate transition could impact the provision of credit lines more for regional U.S. banks than for the largest U.S. banks. It is therefore not surprising that regional banks wrote to bank regulators in 2019 about their concerns over the reference rate transition.

Our findings should not be interpreted as suggesting that a transition away from LIBOR has negative overall benefits. It is well documented that LIBOR is not a trustworthy benchmark funding rate, given how it was manipulated and the paucity of transactions data that was used to determine LIBOR, especially under stressed market conditions. Our analysis, however, suggests that when debt overhang costs associated with funding credit line drawdowns are high, C&I lending could be higher and borrowing costs could be lower under a credit-sensitive reference rate than under a risk-free reference rate.

NCUA’s Letter to Credit Unions (23-CU-01)

Dear Boards of Directors and Chief Executive Officers:

This letter outlines the NCUA’s supervisory priorities and other updates to the agency’s examination program for 2023. Our focus will be on the areas posing the highest risk to credit union members, the credit union industry, and the National Credit Union Share Insurance Fund (Share Insurance Fund).

The NCUA will conduct examination and supervision activities both onsite and offsite, as appropriate. Examiners will continue to conduct some examination activity offsite when the activity can be completed efficiently and effectively at credit unions that can accommodate offsite work.

The agency’s exam flexibility initiative will continue in 2023, which establishes an extended exam cycle for certain credit unions.¹ The NCUA will also continue our Small Credit Union Exam Program in most federal credit unions with assets under $50 million. For all other credit unions, NCUA examiners will use the agency’s risk-focused examination procedures.

Below are the NCUA’s primary areas of supervisory focus in 2023.

Supervisory Priorities for 2023

Interest Rate Risk

Interest rates rose significantly across the yield curve during 2022, elevating interest rate risk (IRR) and the related exposure to earnings and capital. This sharp rise in rates has amplified market risk because a credit union’s assets and liabilities do not reprice equally, potentially impacting net economic values and credit unions’ projected earnings.

In September 2022, the NCUA issued Letter to Credit Unions 22-CU-09, Updates to Interest Rate Risk Supervisory Framework, and Supervisory Letter 22-01, Updates to Interest Rate Risk Supervisory Framework, updating the NCUA supervisory framework for IRR.

With the April 2022 addition of the Sensitivity to Market Risk, or “S,” component to the CAMELS rating system, the agency has formalized the focus on IRR as a specific rating category separate from liquidity risk.

High levels of IRR can increase your credit union’s liquidity risks, contribute to asset quality deterioration and capital erosion, and put pressure on earnings.

Well-managed credit unions are prudent and proactive in managing IRR and the related risks to capital, asset quality, earnings, and liquidity. As such, examiners will review your credit union’s IRR program for the following key risk management and control activities:

Key assumptions and related data sets are reasonable and well documented.
The credit union’s overall level of IRR exposure is properly measured and controlled.
Results are communicated to decision-makers and the board of directors.
Proactive action is taken to remain within safe and sound policy limits.

Additional references for IRR are in the Examiner’s Guide under Workpapers and Resources.

Liquidity Risk

Higher interest rates have caused a slowdown in prepayments for some loans and investment holdings, which has resulted in reduced cashflows. Large increases in share balances from 20202022 may result in an increased level of share sensitivity and share roll off as market rates continue to rise.

In evaluating the “L” component of the CAMELS rating to determine the adequacy of your credit union’s liquidity risk management framework, examiners will consider the current and prospective sources of liquidity compared to funding needs. Examiners will review your credit union’s liquidity policies, procedures, and risk limits. Examiners will also evaluate the adequacy of your credit union’s liquidity risk management framework relative to the size, complexity, and risk profile of your credit union.

Examiners will assess liquidity management by evaluating:

The potential effects of changing interest rates on the market value of assets and borrowing capacity.
Scenario analysis for liquidity risk modeling, including possible member share migrations (for example, shifts from core deposits into more rate-sensitive accounts).
Scenario analysis for changes in cash flow projections for an appropriate range of relevant factors (for example, changing prepayment speeds).
The appropriateness of contingency funding plans to address any plausible unexpected liquidity shortfalls.

Resources and guidance on liquidity risk can be found in the NCUA’s Examiner’s Guide.

Credit Risk

Credit risk is a supervisory priority for 2023 as high inflation and rising interest rates are putting financial pressure on credit union members. High inflation and the increasing likelihood of an increase in unemployment rates could negatively impact borrowers’ ability to repay outstanding debt. Rising interest rates could also result in higher loan payments for borrowers.

NCUA examiners will review the soundness of existing lending programs, any adjustments your credit union made to loan underwriting standards and portfolio monitoring practices, and loan workout strategies for borrowers facing financial hardships. NCUA examiners will carefully consider all factors in evaluating your credit union’s efforts to provide relief for borrowers, including whether the efforts were reasonable and conducted with proper controls and management oversight.

For more information and additional resources, see the following:

Press release, Agencies Issue Interagency Policy Statement on Allowances for Credit Losses and Interagency Guidance on Credit Risk Review Systems
NCUA Letter to Credit Unions 20-CU-13, Working with Borrowers Affected by the COVID-19 Pandemic
NCUA Letter to Credit Unions 14-CU-08, Home Equity Lines of Credit Nearing Their End-of-Draw Period
NCUA Letter to Credit Unions 10-CU-07, Commercial Real Estate Loan Workouts
NCUA Letter to Credit Unions 10-CU-03, Concentration Risk
NCUA Letter to Credit Unions 07-CU-06, Working with Residential Mortgage Borrowers
NCUA Letter to Credit Unions 03-CU-01, Loan Charge-off Guidance

Fraud Prevention and Detection

Fraud risks remain elevated. As such, the NCUA will continue our efforts to review internal controls and separation of duties. In 2023, the agency will also implement a management questionnaire designed to enhance the identification of fraud red flags, material supervisory concerns, or other potential new risks to which your credit union may be exposed.

This questionnaire will help protect credit unions and reduce potential losses to the Share Insurance Fund. The questionnaire will be sent to credit unions in the pre-examination planning stage for all full-scope exams along with the Items Needed List, including on joint exams with State Supervisory Authorities (SSAs). Credit unions only need to complete one questionnaire per examination. If an SSA uses a similar questionnaire, the federal and state examiners will coordinate to decide which questionnaire the credit union will complete to reduce duplication.

Credit unions will typically receive the questionnaire through MERIT’s survey function, and the credit union CEO or another senior executive will complete, sign, and then return the questionnaire through MERIT’s survey function. Examiners will review the credit union’s responses in the pre-examination planning process to refine the scope of the examination, as appropriate.

For more fraud prevention resources, visit the NCUA’s Fraud Prevention Resources page.

Information Security (Cybersecurity)

Cybersecurity risks remain a significant, persistent, and ever-evolving threat to the financial system. Credit union technology-related operating environments are increasing in complexity. Your credit union can protect itself with a cybersecurity program that evolves and adapts to the changing threat environment.

The NCUA will continue to have cybersecurity as an examination priority. Examiners will evaluate whether credit unions have established adequate information security programs to protect members and the credit union. To strengthen the examination process for cybersecurity, the NCUA developed and tested updated Information Security Examination procedures tailored to institutions of varying size and complexity. Examiners will use these new procedures in 2023.

Additionally, credit unions are encouraged to remain very vigilant and continue to adapt their ability to respond to evolving cybersecurity threats. Your credit union may conduct voluntary, cybersecurity self-assessments using the Automated Cybersecurity Evaluation Toolbox. The toolbox works in coordination with and will prepare you for an Information Security Examination.

For more cybersecurity information and resources, including the new examination procedures, visit the NCUA’s Cybersecurity Resources webpage.

Consumer Financial Protection

The NCUA will continue to review compliance with applicable consumer financial protection laws and regulations for federal credit unions that the NCUA has under its consumer financial protection supervision authority. Examiners will continue to review your credit union’s compliance with Flood Disaster Protection Act requirements, including disclosure requirements, as we continue to evolve our understanding of the impact of climate-related financial risk on credit unions, credit union members, and the Share Insurance Fund.

Examiners will also consider trends in violations identified through examinations and member complaints, emerging issues, and any recent changes to regulatory requirements to establish priorities. Accordingly, in 2023 examiners will focus on areas related to:

Overdraft programs.
Fair lending, including review of residential real estate appraisals for any bias.
The Truth in Lending Act.
The Fair Credit Reporting Act.

In 2022, examiners requested information about a credit union’s policies and procedures governing its overdraft programs. In 2023, examiners will expand the review of credit unions’ overdraft programs, including website advertising, balance calculation methods, and settlement processes. The NCUA will also evaluate any adjustments credit unions have made to their overdraft programs to address consumer compliance risk and potential consumer harm from unanticipated overdraft fees.

Regarding fair lending, examiners will review policies and practices for steering or loan pricing discrimination risk factors.² In addition, examiners will assess a credit union’s policies and practices related to residential real estate appraisals and conduct a tailored file review to evaluate the consistency, fairness, and accuracy of the appraisals a credit union obtains.

Examiners will additionally evaluate compliance with Truth in Lending Act requirements and disclosures related to auto lending for certain credit unions that have experienced high auto loan growth over the past year. Examiners will also review credit reporting protections under the Fair Credit Reporting Act related to furnishing, adverse action notices, risk-based pricing, and consumer rights disclosures.

Other Updates

Current Expected Credit Loss Implementation

Credit unions are required to implement the Financial Accounting Standards Board’s Accounting Standards Update No. 2016-13, Topic 326, Financial Instruments – Credit Losses, commonly referred to as Current Expected Credit Loss (CECL) for financial reporting years starting after December 15, 2022. Most credit unions adopted CECL on January 1, 2023.

Under the NCUA’s CECL Transition Rule, federally insured credit unions with assets of less than $10 million are generally not required to implement CECL. For credit unions below this threshold, the rule requires “any reasonable reserve methodology (incurred loss), provided it adequately covers known and probable loan losses.”³ Federally insured, state-chartered credit unions should refer to state law on Generally Accepted Accounting Principles (GAAP) requirements and CECL standard applicability, as those requirements may be more restrictive.

Examiners will evaluate the adequacy of your credit union’s Allowance for Credit Losses (ACL) on loans and leases by reviewing:

ACL policies and procedures.
Documentation of an ACL reserving methodology, including logic for model selection and related input data, modeling assumptions, and qualitative adjustments.
Adherence to GAAP (if applicable).

If your credit union’s ACL is independently reviewed by the Supervisory Committee or an internal or external auditor, examiners will also consider the results of that review as part of their evaluation.

As applicable, examiners may also review your credit union’s adjustment to undivided earnings (retained earnings) in relation to the CECL Transition Rule.

A variety of CECL resources are available for credit unions, including:

FASB’s Accounting Standards Update 2016-13, Topic 326, Financial Instruments – Credit Losses
FASB Staff Q&A, Topic 326, No. 1: Whether the Weighted-Average Remaining Maturity Method Is an Acceptable Method to Estimate Expected Credit Losses
FASB Staff Q&A, Topic 326, No. 2: Developing an Estimate of Expected Credit Losses on Financial Assets
NCUA Letter to Credit Unions 17-CU-05, Frequently Asked Questions on the New Accounting Standard on Financial Instruments Credit Losses
NCUA Letter to Credit Union 22-CU-10, Simplified CECL Tool for Credit Unions

Succession Planning

The credit union system continues to experience an ongoing trend of consolidation. The NCUA has found that inadequate succession planning is often a reason for credit union consolidations, especially in smaller credit unions. Succession planning can be critical to the continued operation of credit unions, especially those with senior leaders who may be retiring soon. A credit union’s failure to plan for the transition of its management and board officials could come with high costs. Conversely, good succession planning confers a variety of benefits, including ensuring organizational viability over the long term.

During 2023, examiners will request information about a credit union’s approach to succession planning for senior leaders, including any written succession plan the credit union has established. This information will help the NCUA further understand succession planning activities and needs in the credit union system.

Examiners will not evaluate this information or any formal or informal succession plans developed by credit unions beyond what would normally be considered in assigning the Management component of the CAMELS rating.⁴ Also, examiners will not issue an Examiner’s Finding or Document of Resolution if the credit union has not conducted succession planning, or the planning is not adequate, unless the credit union is in violation of its own policy for conducting succession planning or administering any such plan(s).

Support for Small Credit Unions and Minority Depository Institutions

In 2023, the NCUA will continue its Small Credit Union and Minority Depository Institutions (MDIs) support program, which the agency implemented in 2022 to support and preserve these credit unions. Credit unions with less than $100 million in assets and MDIs are uniquely positioned to improve the financial well-being of underserved communities by offering their members access to safe, fair, and affordable credit and other financial services and products. The NCUA’s program focuses assistance on identifying available resources, providing training and guidance, and supporting credit union management in their efforts to address operational matters. We expect the additional benefits of the program to include:

Greater awareness of the unique needs of small credit unions and MDIs and their role in serving underserved communities.
Expanded opportunities for these credit unions to receive support through NCUA grants, training, and other initiatives.
Furthering partnerships with organizations and industry mentors that can support small credit unions and MDIs.

Additionally, the agency has developed MDI-specific exam procedures to guide examiners during their supervision of MDIs. Preserving small credit unions and MDIs is fundamental to the NCUA’s mission.

Post-Examination Survey

Credit union feedback helps the NCUA evaluate the effectiveness of our examination processes and improves communication with credit unions. In September 2021, the NCUA initiated a post-examination survey pilot to gather feedback on examinations. In addition to pilot survey responses, the NCUA has conducted focus groups comprised of senior credit union staff and NCUA examination staff to gather input. In 2023, the NCUA will update the post-examination survey to continue obtaining feedback from credit unions on their NCUA examinations. As a reminder, federal credit unions may record their exam exit meetings provided they comply with applicable laws and regulations for recording and provide a copy of the recording to the NCUA. These recordings can be useful to both credit unions and the NCUA. NCUA examiners will agree to the recording of the exam exit meetings, and the NCUA will monitor how often exam exit meetings are recorded.

Conclusion

The NCUA will continue our ongoing enhancements to how the agency supervises and supports your credit union and its members as the agency adopts innovations and incorporates efficiencies in our exam program. The NCUA’s primary mission of protecting the system of cooperative credit and its member-owners through effective chartering, supervision, regulation, and insurance can only be achieved by adapting to technological and economic changes.

Should you have any questions about the NCUA’s supervisory priorities for 2023, please contact your NCUA examiner or regional office.

Sincerely,

Todd M. Harper
Chairman

New circular addresses dark patterns and other tricks used by companies to confuse and deceive consumers enrolled in subscription services.

The Consumer Financial Protection Bureau (CFPB) issued a new circular affirming that companies offering “negative option” subscription services must comply with federal consumer financial protection law. Negative option programs include subscription services that automatically renew unless the consumer affirmatively cancels, and trial marketing programs that charge a reduced fee for an initial period and then automatically begin charging a higher fee. Companies risk violating the law if they do not clearly and conspicuously disclose the terms of their subscription services and obtain consumers’ informed consent, or if they make it unreasonably difficult for consumers to cancel. Drawing from the Federal Trade Commission’s (FTC) recent policy statement and the CFPB’s past enforcement cases, the circular highlights examples of unlawful behavior by companies that have used dark patterns and other manipulative tactics to trick consumers into paying recurring charges for products and services they do not want.

Negative option marketing refers to a term or condition under which a seller may interpret a person’s silence or failure to cancel an agreement as continued acceptance of the offer. The CFPB has received complaints from consumers about being charged for products or services they did not intend to purchase or had sought to cancel, and has brought many enforcement actions involving unlawful negative option marketing practices.

The CFPB took action against Transunion for repeatedly breaking the law by violating a CFPB consent order and for deceptive marketing when selling credit scores, reports, and credit monitoring products. The CFPB sued ACTIVE Network for tricking consumers into enrolling into a costly membership club through the use of digital dark patterns. The CFPB has also entered into consent orders with numerous credit card issuers for deceptively marketing optional “add-on” products that charged recurring fees until consumers affirmatively cancelled.

Today’s circular highlights that negative option programs can be particularly harmful when paired with dark patterns because consumers may be misled into purchasing subscriptions and other services with recurring charges and be unable to cancel the unwanted products and services or avoid their charges. Digital dark patterns are design features used to deceive, steer, or manipulate users into behavior that is profitable for a company, but often harmful to users or contrary to their intent.

Companies offering negative option programs risk violating the Consumer Financial Protection Act’s (CFPA) prohibition on unfair, deceptive, or abusive acts or practices where they:

Fail to disclose, clearly and conspicuously, the material terms of the negative option offer to the consumer: Companies likely violate the law if they misrepresent or fail to disclose information likely to inform a consumer’s decision about whether to enroll in a negative option service, including the amount of all charges and the fact that charges will continue unless the consumer takes affirmative steps to cancel.
Fail to obtain the consumer’s informed consent: Companies should ensure that consumers genuinely agree to the terms of a negative option program. The CFPB has found or alleged that companies engaged in unfair, deceptive, and abusive acts and practices when companies misrepresented or failed to disclose that they were offering negative option programs, which resulted in consumers not understanding that they were enrolling in services with recurring charges.
Mislead or impede consumers wishing to cancel: A common practice of bad actors is requiring consumers to jump through complicated hoops to cancel subscription products or services, such as being forced to talk to customer service agents repeatedly, or for unreasonably long times, before granting a request to cancel.

Today’s circular continues the CFPB’s focus on raising awareness about the growing scourge of dark pattern practices and other harmful tactics that companies are using to trick consumers into paying for products or services they do not want. The CFPB is partnering with the FTC in its effort to combat the rise of digital dark patterns, and both agencies will continue to monitor these practices and bring agency actions where needed.

Read the Consumer Financial Protection Circular, Unlawful negative option marketing practices.

Read the FTC’s October 2021 policy statement on negative option marketing .

Courtesy of Leonard Burman and William G. Gale, Brookings Institute

There is a legal maximum on how much debt the federal government can accumulate—often called the “debt ceiling” or the “debt limit.” According to Treasury Secretary Janet Yellen, the government will hit the current limit in a few days. Using a variety of accounting tricks (like temporarily diverting government pension funds), the government can postpone the day when it cannot pay its bills but only for a few months. Congress and the administration therefore face the following questions: whether to raise the debt limit, by how much, and what, if any, conditions to attach.

Citizens and the media misunderstand the issues surrounding the debt limit. Policymakers often fuel this misunderstanding with misleading statements that distort the debate.

The issue is really quite simple. The debt limit doesn’t cause the debt any more than a thermometer causes a fever. Debt grows when spending exceeds revenues. That’s it.

Congress should abolish the debt limit and replace it with the simple, common- sense rule that automatically authorizes any borrowing necessary to implement any fiscal legislation that affects the federal deficit. This “Gephardt rule” was in place at various times in the past.

Raising the debt limit is not about new spending; it is about paying for previous choices policymakers legislated.

Here are seven things to understand about the debt limit and why it is unnecessary and obstructive.

The debt limit has been raised continually for more than a century. The first debt limit was established in 1917 to make it easier to finance mobilization efforts in World War I. Before that, Congress generally had to authorize each bond issue. The limit has been raised 78 times since 1960, including 20 times since 2001. Congress usually raises (or suspends) the debt limit before it is reached. Along the way, the party out of power demagogues the debt limit, blaming the other party for its profligacy.
Raising the debt limit is not about new spending; it is about paying for previous choices policymakers legislated. Voters often incorrectly assume—and lawmakers often incorrectly assert—that a vote to raise the debt ceiling is a vote for more red ink. In fact, raising the debt limit is about paying for past choices. Debt limit debates are about whether Congress should authorize the government to borrow to pay for spending that Congress has already authorized. Oddly enough, when Congress authorizes new spending and new taxes, it does not automatically authorize the borrowing needed to make up any difference. Arguing about increasing the debt limit is like having a person charge vacation expenses to his credit card and then debate whether he should pay the credit card company when the bill comes due.
The uselessness of a debt limit is exhibited by the fact that only one other advanced country—Denmark—has a separate debt limit rule like ours. And they don’t use it as a political football.
The limit (inappropriately) applies to gross federal debt. The debt limit applies to gross debt: the sum of net debt plus intragovernmental loans. Net debt is what the government owes the public—including investors, pension funds, and domestic or foreign central banks. It is the measure that economists consider to be important. Intragovernmental debt is what one part of the government owes another part. Because it is akin to your right pocket owing your left pocket money, intragovernmental debt is irrelevant to the nation’s fiscal health. Thus, gross debt is a legal concept with little economic significance. Sadly, the popular discussion—even among many so-called experts—sometimes focuses on gross debt, because the bigger number is more eye-catching (although net debt, at around $24.5 trillion, is still pretty big). At the beginning of 2023, about $6.8 trillion (approximately 22% of debt subject to the limit is intragovernmental debt.
If debt hits the ceiling, the Treasury Department uses several accounting gimmicks to postpone the day of reckoning, but these typically last only a few months. At that point, the government would have to default on interest payments or other obligations—for example, military pay, Social Security and Medicare, tax refunds, or other safety net payments. The law is unclear about which claims are senior. Nor is it clear who has the right to determine seniority. Legislation could set priorities, but any such prioritization would be tested in court. And even if bondholders were paid, not paying all the claims would constitute default, just with a different name, and incur costs for the government.
If the debt limit were not raised, the amount of spending cuts or tax increases that would be required would equal $1.5 trillion this year and $14 trillion over the next 10 years. For perspective, these figures are larger than total defense spending over the same periods of time. And if there were a default, interest rates would rise, increasing deficits and requiring even larger tax and spending changes.
The economic consequences of a large-scale, intentional default are unknown, but predictions range from bad to catastrophic. In 1979, an inadvertent temporary partial debt default occurred because of an administrative error; it raised U.S. borrowing costs by $40 billion (in today’s dollars). This was an accidental default on a small batch of Treasury securities, but it spooked investors enough to raise interest payments significantly. An intentional, large-scale default has never happened because in the past it has been unthinkable. To do so now would be to play with fire and risk the United States’ charmed position as a “risk-free borrower” in global credit markets.

NASCUS Member Benefit: Recent CFPB Resource Summaries

CFPB Consumer Financial Protection Circular 2022-07: Reasonable Investigation of Consumer Reporting Disputes
12 CFR Chapter X

The Consumer Financial Protection Bureau (CFPB) issued this circular to respond to two questions regarding the responsibilities of consumer reporting agencies.

Are consumer reporting agencies and the entities that furnish information to them (furnishers) permitted under the Fair Credit Reporting Act (FCRA) to impose obstacles that deter the submission of disputes?
Do consumer reporting agencies need to forward to furnishers consumer-provided documents attached to a dispute?

The Bureau released this circular on its website on November 10, 2022, and the circular can be accessed here.

CFPB Consumer Financial Protection Circular 2022-06: Unanticipated Overdraft Fee Assessment Practices
12 CFR Chapter X

The Consumer Financial Protection Bureau (CFPB) has issued Consumer Financial Protection Circular 2022-06, titled “Unanticipated Overdraft Fee Assessment Practices” to respond to a question posed about whether the assessment of overdraft fees under certain instances would be considered an unfair act or practice under the Consumer Financial Protection Act (CFPA), even if the entity complies with the Truth in Lending Act (TILA) and Regulation Z and the Electronic Fund Transfer Act (EFTA) and Regulation E.

The circular became effective on October 26, 2022 and can be found here.

Notice of Intent to Make a Preemption Determination

The CFPB issued a Notice of Intent to Make a Preemption Determination under TILA. In the Notice, the Bureau explains it has preliminarily determined that TILA does not preempt a New York State law governing commercial financing with respect to certain provisions. Additionally, the Bureau is providing notice that it is considering whether to make a preemption determination regarding State laws in California, Utah, and Virginia that are potentially similar to the New York law.

The Bureau is soliciting public comment on this preliminary preemption determination.

You can access the Notice here: www.consumerfinance.gov/rules-policy/notice-opportunities-comment/open-notices/notice-of-intent-to-make-preemption-determination-under-truth-in-lending-act/.

Blog: Update on state laws on lending to businesses

The CFPB received a request from an industry trade association to determine whether New York’s commercial financing disclosure law is preempted by the federal Truth in Lending Act. Congress has expressly authorized the CFPB to determine whether state laws are preempted by the Truth in Lending Act. The public can request such a determination, or the CFPB can raise the issue on its own. The Truth in Lending Act’s implementing regulations require the CFPB to request public comment before determining whether a state law is preempted.

After carefully considering the request, the CFPB’s preliminary determination is that the New York law is not preempted by the Truth in Lending Act because the New York law regulates commercial financing transactions rather than consumer-purpose transactions. The CFPB is requesting comment on whether it should finalize its preliminary determination that the New York law – as well as potentially similar laws in California, Utah, and Virginia – are not preempted.

Click here to read more

Blog: Changes to HMDA’s closed-end loan reporting threshold

On September 23, 2022, the United States District Court for the District of Columbia issued an order vacating the 2020 Home Mortgage Disclosure Act (HMDA) Final Rule as to the loan volume reporting threshold for closed-end mortgage loans. The decision means that the threshold for reporting data on closed-end mortgage loans is now 25 loans in each of the two preceding calendar years, which is the threshold established by the 2015 HMDA Final Rule, rather than the 100 loan threshold set by the 2020 HMDA Final Rule.

The CFPB recognizes that financial institutions affected by this change may need time to implement or adjust policies, procedures, systems, and operations to come into compliance with their reporting obligations. In these limited circumstances, in allocating the CFPB’s enforcement and supervisory resources, the CFPB does not view action regarding these institutions’ HMDA data as a priority. Thus, the CFPB does not intend to initiate enforcement actions or cite HMDA violations for failures to report closed-end mortgage loan data collected in 2022, 2021, or 2020 for institutions subject to the CFPB’s enforcement or supervisory jurisdiction that meet Regulation C’s other coverage requirements and originated at least 25 closed-end mortgage loans in each of the two preceding calendar years but fewer than 100 closed-end mortgage loans in either or both of the two preceding calendar years.

Biden Asks Supreme Court to Overturn Fifth Circuit’s CFPB Ruling

The Biden Administration on Monday asked the U.S. Supreme Court to overturn an appeals court decision that found that the CFPB’s funding scheme was unconstitutional.

Inside the Petition
“The CFPB’s critical work administering and enforcing consumer financial protection laws will be frustrated,” the administration wrote. “And because the decision below vacates a past agency action based on the purported Appropriations Clause violation, the decision threatens the validity of all past CFPB actions as well.”

Other federal agencies are funded outside the annual appropriations process, according to the administration. “The court of appeals’ novel and ill-defined limits on Congress’s spending authority contradict the Constitution’s text, historical practice, and this Court’s precedent,” the petition states.

Further, administration officials added, “The CFPB’s funding mechanism is entirely consistent with the text of the Appropriations Clause, with longstanding practice, and with this Court’s precedent.”

Additional Support for the CFPB
Biden Administration officials not the only ones blasting the Fifth Circuit and its ruling. During a Senate Banking Committee hearing featuring banking regulators, Sen. Elizabeth Warren, D-Mass., called the Fifth Circuit “the Republicans’ go-to court.” Warren, who is credited with developing the idea of the consumer bureau, said that Congress created independent funding structures for bank regulators to insulate them from political pressure.

Under questioning by Warren, each of the banking regulators—including NCUA Chairman Todd Harper—acknowledged that their agencies are funded outside the appropriations process. The NCUA, for instance, is funded by fees paid by credit unions. READ MORE

The CFPB Finalizes Rule to Increase Transparency Regarding Key Nonbank Supervision Tool

Today, we finalized changes to our nonbank supervision procedural rule. The changes will provide transparency to the public about how we are using an important supervisory tool to keep pace with fast-moving consumer finance markets.

Based on public comments, in this final version of the procedures, we are clarifying the standard we will apply to decide what information is appropriate for public release. We are also extending the amount of time that is available to the nonbank entity to provide us with input about what information we should release.

Agility in Nonbank Supervision

The Consumer Financial Protection Act (CFPA) enables the CFPB to supervise a nonbank covered entity that we have reasonable cause to determine is engaging, or has engaged, in conduct that poses risks to consumers with regard to consumer financial products or services.

This statutory authority gives the CFPB’s supervision program the ability to move as quickly as the marketplace. For instance, fast-growing companies in nontraditional areas of the consumer finance market may be engaged in novel activities that warrant supervisory attention. There can also be supervisory gaps in more traditional areas of the market that ought to be filled. Through the supervisory process, CFPB examiners can work with the company in question to fully understand and manage its risks.

When we make a determination that supervision is warranted, our focus is on identifying risks to consumers, preferably before they manifest in violations of law or consumer harm. READ MORE

CFPB Reports Highlight Problems with Tenant Background Checks

Errors and false information in tenant background checks raise costs and barriers to quality rental housing.

CFPB issued two reports on the tenant background check industry. The reports describe how errors in these background checks contribute to higher costs and barriers to quality rental housing. Too often, these background checks – which purport to contain valuable tenant background information – are filled with largely unvalidated information of uncertain accuracy or predictive value. While renters bear the costs of errors and false information in these reports, they have few avenues to make tenant screening companies fix their sloppy procedures. The CFPB’s analysis of more than 24,000 complaints highlighted the renter challenges associated with the industry’s failures to remove wrong, old, or misleading information and to provide adequate investigations of disputed information.

The tenant background check industry creates reports that include extensive personal information, such as credit history, civil and criminal records, and credit scores, as well as the proprietary risk scores on which many landlords and property management companies base their decision to rent to a prospective tenant. The CFPB’s report on the state of the tenant screening market is an analysis of industry research, legal cases, academic research, the CFPB’s market monitoring, and other third-party sources. The CFPB’s consumer snapshot analyzes more than 24,000 complaints and results from focus groups with 44 renters.

Both reports reveal that people are denied rental housing because negative information is reported that belongs to someone else; outdated information remains on reports; and inaccurate or misleading details about arrests, criminal records, and eviction records are not corrected nor removed from reports. The consumer snapshot reveals that renters submitted more than 16,000 complaints about incorrect information on their reports and another 4,500 complaints about obstacles faced trying to get companies to fix their errors. READ MORE

CFPB Takes Action Against Carrington Mortgage for Cheating Homeowners out of CARES Act Rights

Company wrongly charged fees and inaccurately reported homeowner credit information despite pandemic-era housing protections.

The CFPB investigated Carrington and found they violated the Consumer Financial Protection Act when they misrepresented the requirements of the CARES Act and related federal agency guidelines. The company misrepresented to borrowers that they could not have 180 days of forbearance upon request and that certain borrowers could not have forbearance at all. Carrington also implied that homeowners had to make more detailed attestations than were actually required by law, and the company imposed late fees when they were not permitted.

Specifically, the CFPB found that Carrington:

Wrongly charged late fees: Carrington deceived certain borrowers, stating they were required to pay late charges they did not owe while their accounts were in forbearance. Carrington also falsely told borrowers in forbearance that they would “be assessed” or had “been assessed” late charges. In some cases, Carrington did wrongfully charge late fees.
Repeatedly provided false information about pandemic protections: Carrington told certain homeowners that they were required to remit their monthly payments “immediately” and could be facing foreclosure proceedings if they did not do so. In fact, no payment was required nor could the homeowners face foreclosure proceedings. The company also misrepresented to homeowners that they needed to provide specific reasons in order to obtain a forbearance when they only needed to attest to financial hardship during the pandemic. Carrington also told homeowners that to get a forbearance of more than 90 days, they had to make another request after the first 90 days.
Botched homeowners’ credit reports: Carrington illegally furnished information to consumer reporting companies that certain borrowers’ accounts were delinquent, rather than current, even though the homeowners’ accounts were current entering forbearance. Carrington also inaccurately furnished reports on the delinquency of certain homeowners in forbearance who were delinquent at the time they entered forbearance. Carrington failed to promptly notify the big three credit reporting companies about the errors.

READ MORE

November 17, 2022 — There was one item on the NCUA Board meeting agenda, a briefing on the Quarterly Share Insurance Fund report. The fund’s equity ratio as of June 30, 2022, remains stable at 1.26%, the same as from December 31, 2021. Additionally, the projected ratio of the Normal Operating Level is 1.30%.

The fund saw an investment income of $73.6 million, $5 million higher than the previous quarter. NCUA Chairman Harper inquired if the increase in the investment income for the quarter was attributable to interest income overall or a reduction in expenses to which it was reported that the fund’s overall net income had been aided by the reduction in corporate asset management expenses as well as rising interest rates.

As part of the briefing, the Board was informed that there was a slight decrease this quarter in the assets in credit unions with a CAMELS rating of a 1 or 2, a slight increase in assets in credit unions with a CAMELS 3 rating, while assets in CAMELS 4 and 5 credit unions remained the same. The overall number of credit unions also decreased from the previous quarter by 19, down from 4,846. There were 4 credit union failures last quarter, which included 2 involuntary liquidations with purchase and assumptions and 2 assisted mergers to a total of $7 million in losses to the share insurance fund. Of the 4 failures, 3 were attributed to fraud.

At several points in the meeting, the board members addressed the concern of fraud in credit unions, particularly smaller credit unions, and reiterated the importance of onsite examinations to review documents and internal controls. As NCUA considers the 2023/2024 budget, they will be addressing the need for potential increases in travel costs for such examinations. Board Member Hood also stressed the importance of resources and ongoing fraud training and mitigation measures, particularly for smaller credit unions.

Finally, the Board collectively reinforced the need for Congress to take action and codify the Central Liquidity Facility Agent Program to provide much-needed liquidity sources to credit unions.

Oct. 24, 2022 — The Federal Housing Finance Agency (FHFA) today published its new Uniform Appraisal Dataset (UAD) Aggregate Statistics Data File. FHFA also launched UAD Aggregate Statistics Dashboards on its website to provide user-friendly visualizations of the newly available data.

“As home valuations are a vital component of the mortgage process, publishing transparent, aggregate data on appraisals provides useful information to the public while protecting borrowers’ personally identifiable information,” said Director Sandra L. Thompson. “Today’s announcement exemplifies our commitment to the development of a more efficient and equitable valuation system that ultimately reduces appraisal bias.”

The UAD Aggregate Statistics Data File and UAD Aggregate Statistics Dashboards give stakeholders and the public new access to a broad set of data points and trends found in appraisal reports. Additionally, the appraisal statistics may be grouped by neighborhood characteristics and geographic levels (national, state plus the District of Columbia and Puerto Rico, Metropolitan Statistical Areas (MSAs) or Metropolitan Divisions, county, and tract). Of note, the UAD Aggregate Statistics Data File is intended for users capable of using statistical software to extract and analyze data. In contrast, the UAD Aggregate Statistics Dashboards are for users of all types and are designed to provide user-friendly access through customized maps and charts.

FHFA’s Division of Research and Statistics used 47.3 million UAD appraisal records collected from 2013 through the second quarter of 2022 on single-family properties to create a data file of UAD aggregate statistics in a manner that protects borrower privacy. Each UAD appraisal record includes information reported by appraisers on the Uniform Residential Appraisal Report (URAR). The current version of the URAR for single-family homes is Fannie Mae Form 1004 and Freddie Mac Form 70.

Related Links:

Compliance professionals within financial service firms are finding that they need to demonstrate their abilities with new technologies in order to meet regulatory requirements

The expansion of governance, risk, and compliance responsibilities into new technology-related areas beyond traditional functions has created a new burden for financial service firms’ compliance departments, and placed new demands on the skills of compliance professionals.

The intersection of compliance with tech has created a need for expertise and essential coordination across firms while involving artificial intelligence, big data, data privacy, cybersecurity, and algorithmic trading, to name just a few.

Financial service firms must now fully integrate these technologies and demonstrate that the activities employing them meet regulatory requirements. For compliance professionals, it has become essential to understand how the technologies work as well as their limitations and vulnerabilities. It can even help to know the computer code that went into creating them.

Several recent enforcement cases and regulatory initiatives underscore the need for compliance departments to become more tech savvy by taking steps that include technical coordination across the company, embedding technologists within compliance teams, or increasing the tech skills of individual compliance professionals.

DOJ emphasis on data

Deputy Attorney General Lisa Monaco gave a speech last month outlining ambitious plans being embraced by the Department of Justice (DOJ) to fight corporate misconduct. Among the principles, there was significant emphasis placed on the need to demonstrate an overall compliance culture.

The DOJ made clear in its compliance program guidelines released in 2020 that prosecutors should evaluate whether companies have a “data-driven compliance program” to detect potential misconduct and to monitor the effectiveness of their compliance policies. Monaco expanded on that in her speech and in an accompanying memo to federal prosecutors.

In evaluating whether a compliance program is “adequately resourced and empowered,” the DOJ said in 2020, prosecutors should consider the following questions:

“Do compliance and control personnel have sufficient direct or indirect access to relevant sources of data to allow for timely and effective monitoring and/or testing of policies, controls and transactions? Do any impediments exist that limit access to relevant sources of data and, if so, what is the company doing to address the impediments?”

The emphasis on “access” to data can be viewed as a signal that the DOJ needs to see people with skills in place to analyze, monitor, and interpret such data on the part of compliance departments.

Regulators emphasis on monitoring communications

The new policies put forth in Monaco’s memo also focus on monitoring the use of personal devices and third-party messaging platforms — a demanding technology task. “The ubiquity of personal smartphones, tablets, laptops, and other devices poses significant corporate compliance risks, particularly as to the ability of companies to monitor the use of such devices for misconduct and to recover relevant data from them during a subsequent investigation,” the memo stated. “The rise in use of third-party messaging platforms, including the use of ephemeral and encrypted messaging applications, poses a similar challenge.”

Other financial regulators have pursued similar priorities. In December last year, JPMorgan Chase & Co.’s securities unit was slapped with a $200 million penalty over data retention violations related to the use of personal communications and messaging devices. The Securities and Exchange Commission (SEC) imposed a $125 million share of the fine, and the Commodity Futures Trading Commission (CFTC) claimed the remaining $75 million.

The JPMorgan case represented the largest-ever fine for record-keeping violations related to communications reviews. It was followed up last week with an announcement by the SEC and CFTC of similar case settlements involving 16 other large financial institutions, which were fined $1.1 billion and $710 million by the agencies, respectively.

In the release announcing the settlements, the SEC said employees of the penalized firms had routinely communicated about business matters using text messaging applications on their personal devices. “The firms did not maintain or preserve the substantial majority of these off-channel communications, in violation of the federal securities laws,” the SEC stated. “The failings occurred across all of the 16 firms and involved employees at multiple levels of authority, including supervisors and senior executives.”

Compliance takeaways

The rapidly changing and growing compliance, risk, and audit responsibilities stemming from technology innovation require compliance departments to examine their own expertise, capabilities, and skill requirements.

The 2022 Cost of Compliance Survey, published by Thomson Reuters Regulatory Intelligence, showed frustration that, despite compliance departments’ widening responsibilities, staff numbers are unlikely to grow as staff costs increase and financial service firm budgets remain tight. Therefore, outsourcing, technology, and regulatory technology may step in to plug some of the gaps. Still, there will be a growing need for compliance professionals within firms to become more sophisticated in order to better steer the type of changes required by the new technologies.

As the Compliance Survey noted: “Of the 66% of respondents who expect the cost of senior compliance staff to increase in the next 12 months, nearly half (47%) gave the demand for skilled staff and knowledge as the top reason.”

Although the use of outsourcing and third-party management has been a popular strategy for many firms due to the complexities of software development, cloud computing, and data privacy and storage, regulators still expect compliance departments to have a thorough understanding and knowledge to oversee and “own” these outsourced functions.

Courtesy of Todd Ehret, Senior Regulatory Intelligence Expert, ThomsonReuters

Globally, over half of the passwords are reused, exposing personal and corporate data at risk.

After analyzing hundreds of millions of anonymous data points, privacy firm Dashlane released a report on password health.

The average password health score globally falls within the “needs improvement” range, meaning that passwords might be weak, compromised, or reused.

In fact, the report found that globally 51% of passwords are reused. An average person in the US has 70-80 online accounts, so one compromised password could lead to dozens of hacked accounts.

What is more, nearly 20% of passwords are compromised. Dashlane considers it an incredibly high number, given that an average Dashlane user has around 240 online accounts.

“Passwords are often the weak link in an organization’s or individual’s cybersecurity — in fact, for Basic Web Application Attacks (BWAA), over 80% of breaches can be attributed to stolen credentials,” the report reads.

The company warned that the number of online accounts per person is growing, so password security should be an essential part of an organization’s cybersecurity strategy.

How to protect yourself

If you can remember your password, consider it weak.

“Use unique generated passwords that you cannot pronounce yourself. Another crucial thing is to use multifactor authentication whenever possible. So even if your accounts get breached, you will still have this additional layer of security,” Gediminas Brencius, Head of Product for NordPass, once told Cybernews.

He also suggested using compartments for your information. If you have many different social accounts, you should use a specific email address for those.

Cybernews researchers have also documented the most commonly used passwords. If you noticed that your own personal passwords have similar patterns to the ones we analyzed, we recommend you visit our Data Leak Checker to see if your email address and other personal data has been exposed in a data breach.

And if you don’t want to end up on that list – the largest database of known breached accounts, with more than 15 billion compromised accounts – we also recommend using password managers.

Courtesy of Jurgita Lapienytė, CyberNews.com