NCUA Q2 2022 Summary: Lending, Assets, Insured Shares and Deposits Continue Growth

NCUA Releases Second Quarter Credit Union System Performance Data

Sept. 7, 2022 — According to the latest financial performance data released today by the National Credit Union Administration, total loans outstanding in federally insured credit unions increased $194 billion, or 16.2 percent, over the year ending in the second quarter of 2022, to $1.39 trillion. This represents the largest year over year growth in loans outstanding in at least two decades. Credit union loan balances also rose in all major categories, compared with the second quarter of 2021.

During the same period, total assets climbed by $159 billion, or 8.1 percent, to $2.14 trillion. Insured shares and deposits also grew $110 billion, or 7.0 percent, to $1.69 trillion, from one year earlier.

“These latest quarterly industry performance results point to a growing and overall healthy credit union system that’s facilitating the ability of families to achieve their financial goals,” said NCUA Chairman Todd M. Harper. “But, at the same time, we have also seen declines in the system’s net income and returns on average assets, rapidly rising interest rates and continued inflationary pressures. And, we have identified growing liquidity concerns within the system. Therefore, credit unions of all types and sizes must remain diligent in managing safety and soundness as we continue to navigate the challenging economic environment ahead of us.”

The NCUA’s Quarterly Credit Union Data Summary provides an overview of the financial performance of federally insured credit unions based on information reported to the agency in the second quarter of 2022. As of June 30, 2022, there were 4,853 federally insured credit unions with 132.6 million members.

Additional highlights from the NCUA’s Credit Union Data Summary for the second quarter of 2022 include:

  • Net income for federally insured credit unions in the first half of 2022 totaled $18.0 billion at an annual rate, down $3.3 billion, or 15.4 percent, from the first half of 2021.
  • Interest income rose $5.7 billion, or 9.8 percent, over the year to $63.6 billion. Non-interest income fell $3.1 billion, or 11.7 percent, to $23.6 billion, largely due to a drop in other income.
  • The credit union system’s provision for loan and lease losses or credit loss expense increased $2.1 billion, or 154.8 percent, to $3.4 billion at an annual rate in the first half of 2022.
  • The delinquency rate at federally insured credit unions was 48 basis points in the second quarter of 2022, up 2 basis points compared with the second quarter of 2021.
  • Credit union shares and deposits rose by $139.7 billion, or 8.1 percent, over the year to $1.85 trillion in the second quarter of 2022. Regular shares increased $62.3 billion, or 9.9 percent, to $689.0 billion. Other deposits increased $37.1 billion, or 5.0 percent, to $782.5 billion, led by money market accounts, which grew $52.2 billion, or 13.9 percent, over the year.
  • The credit union system’s net worth increased by $21.6 billion, or 10.8 percent, over the year to $222.7 billion.
  • The aggregate net worth ratio — net worth as a percentage of assets — stood at 10.42 percent in the second quarter of 2022, up from 10.16 percent one year earlier.

The NCUA makes credit union system performance data available in the Credit Union Analysis section of NCUA.gov. The analysis section includes quarterly data summaries as well as detailed financial information, a graphics package illustrating financial trends in federally insured credit unions, and a spreadsheet listing all federally insured credit unions as of June 30, 2022, including key metrics.

Federal Reserve’s Michael Barr highlights priorities in initial public remarks

Sept. 7, 2022—The Federal Reserve’s new regulatory chief said Wednesday that the central bank is considering how to more-closely scrutinize bank mergers and may beef up the way it requires certain banks to plan for their own demise.

Read Barr’s entire remarks here “Making the Financial System Safer and Fairer”

The remarks from Fed Vice Chairman Michael Barr, his first in public since taking office July 19, suggest a more aggressive approach to overseeing Wall Street than his Republican predecessor Randal Quarles.

Mr. Barr said he aims to evaluate how the Fed reviews proposed bank tie-ups and to assess “where we can do better,” speaking at an event hosted by the Brookings Institution, a Washington think tank.

The remarks are consistent with those from others made by the Biden administration and its top regulators, who are seeking to address concerns that the steady growth of the nation’s largest regional banks has introduced new risks to the financial system. While these firms might lack the vast trading floors and international operations of megabanks such as JPMorgan Chase & Co. and Bank of America Corp., the biggest regionals’ balance sheets are now approaching the size of some of so-called systemically important banks.

The push to revamp the way regulators assess the mergers of large banks is in its early stages but could make bank tie-ups more difficult.

“These risks may be difficult to assess, but this consideration is critical to assess how we are performing merger analysis and where we can do better,” Mr. Barr said Wednesday.

The remarks were being closely watched by banks and officials to get a sense of Mr. Barr’s priorities.

He spoke about so-called living wills, or plans for banks to wind themselves down in a crisis without a government bailout. Mr. Barr said regulators need to continue to analyze whether firms are taking “all appropriate steps to limit the costs to society of their potential failure.” He also warned about the so-called resolvability of some larger regional banks that have grown in size and in importance to the financial system.

Mr. Barr’s remarks didn’t go into detail on whether he plans to alter bank capital and liquidity levels through changes to the central bank’s rulebook or its annual “stress tests,” which aim to determine how large lenders would react to drastic market and economic shock.

Still, he suggested he was looking at ways to beef up stress tests, the value of which some critics say has eroded over time, becoming less stressful for banks. “The stress tests need to continue to evolve,” Mr. Barr said. “They’re supposed to be stressful. They’re supposed to be tough. And I want to make sure that they are that way.”

He said he would have more to say about certain bank-capital requirements in the fall. Mr. Barr has previously said he wants to get a broad view of requirements before pushing for adjustments to rules piece by piece.

Industry groups, such as the Bank Policy Institute and the Financial Services Forum, had no immediate comment on Mr. Barr’s remarks.

Mr. Barr’s supervision role is the government’s most influential bank overseer, responsible for developing a vision for the regulation of big banks and other financial firms. That includes developing policy recommendations for the Fed board and for overseeing its regulatory staff, which supervises some of the largest U.S. financial firms, including JPMorgan, Bank of America and Citigroup Inc.

Mr. Quarles, who previously held the Fed supervision post, focused on simplifying financial regulations enacted after the 2008-09 financial crisis. Supporters say those moves clarified or better calibrated the central bank’s rules. Some Democrats say they significantly softened the impact of the Wall Street rulebook. Mr. Quarles left the Fed in December.

At the event, Mr. Barr also addressed monetary policy. He said inflation was too high and that the Fed was committed to bringing it down. Acknowledging that the Fed’s rate increases risk a further slowdown to the economy—and even some pain—he said it is far worse to let “inflation continue to be too high.”

He didn’t specify how high the Fed’s benchmark interest rate should rise.

Mr. Barr was the last of President Biden’s slate of five appointees to the central bank. Fed Chairman Jerome Powell and three other appointments were confirmed in recent months.

Formerly a dean of public policy at the University of Michigan, Mr. Barr also served in the Treasury Department during the Clinton and Obama administrations, including as a top lieutenant to then-Treasury Secretary Timothy Geithner. Mr. Barr played a role as an architect of the 2010 Dodd-Frank financial overhaul, including the law’s creation of the Consumer Financial Protection Bureau.

Courtesy Andrew Ackerman, Wall Street Journal

Cyber Criminals Increasingly Exploit Vulnerabilities in Decentralized Finance Platforms to Obtain Cryptocurrency, Causing Investors to Lose Money

SUMMARY

The FBI is warning investors cybercriminals are increasingly exploiting vulnerabilities in decentralized finance (DeFi) platforms to steal cryptocurrency, causing investors to lose money. The FBI has observed cybercriminals exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal investors’ cryptocurrency. The FBI encourages investors who suspect cybercriminals have stolen their DeFi investments to contact the FBI via the Internet Crime Complaint Center or their local FBI field office.

THREAT

Cybercriminals are increasingly exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal cryptocurrency, causing investors to lose money. A smart contract is a self-executing contract with the terms of the agreement between the buyer and seller written directly into lines of code that exist across a distributed, decentralized blockchain network. Cybercriminals seek to take advantage of investors’ increased interest in cryptocurrencies, as well as the complexity of cross-chain functionality and open source nature of DeFi platforms.

Between January and March 2022, cybercriminals stole $1.3 billion in cryptocurrencies, almost 97 percent of which was stolen from DeFi platforms, according to the US blockchain analysis firm Chainalysis. This is an increase from 72 percent in 2021 and 30 percent in 2020, respectively. Separately, the FBI has observed cybercriminals defraud DeFi platforms by:

  • Initiating a flash loan that triggered an exploit in the DeFi platform’s smart contracts, causing investors and the project’s developers to lose approximately $3 million in cryptocurrency as a result of the theft.
  • Exploiting a signature verification vulnerability in the DeFi platform’s token bridge and withdraw all of the platform’s investments, resulting in approximately $320 million in losses.
  • Manipulating cryptocurrency price pairs by exploiting a series of vulnerabilities, including the DeFi platform’s use of a single price oracle,(a) and then conducting leveraged trades that bypassed slippage checks (b) and benefited from price calculation errors to steal approximately $35 million in cryptocurrencies.

RECOMMENDATIONS

Investment involves risk. Investors should make their own investment decisions based on their financial objectives and financial resources and, if in any doubt, should seek advice from a licensed financial adviser. In addition, the FBI recommends investors take the following precautions:

  • Research DeFi platforms, protocols, and smart contracts before investing and be aware of the specific risks involved in DeFi investments.
  • Ensure the DeFi investment platform has conducted one or more code audits performed by independent auditors. A code audit typically involves a thorough review and analysis of the platform’s underlying code to identify vulnerabilities or weaknesses in the code that could negatively impact the platform’s performance.
  • Be alert to DeFi investment pools with extremely limited timeframes to join and rapid deployment of smart contracts, especially without the recommended code audit.
  • Be aware of the potential risk posed by crowdsourced solutions to vulnerability identification and patching. Open source code repositories allow unfettered access to all individuals, to include those with nefarious intentions.

The FBI recommends DeFi platforms take the following precautions:

  • Institute real time analytics, monitoring, and rigorous testing of code in order to more quickly identify vulnerabilities and respond to indicators of suspicious activity.
  • Develop and implement an incident response plan that includes alerting investors when smart contract exploitation, vulnerabilities, or other suspicious activity is detected.

a Price oracles are tools that query, retrieve, and verify price information about a given asset used by the DeFi platform’s smart contracts.
b Slippage refers to price difference between when a transaction is submitted and when the transaction is confirmed (validated) on the blockchain. Slippage checks are designed to minimize or eliminate slippage.

August 30, 2022 — The Great Resignation has made it difficult for businesses to retain and attract talent, but the institutions on this year’s Best Credit Unions to Work For list have figured out what it takes to be a great employer.

Seventy credit unions made the list this year. The institutions are headquartered in more than two dozen states and Washington, D.C., and range in size from just 28 employees at Southwest Financial Credit Union in Farmers Branch, Texas, to more than 3,000 at America First Credit Union in Riverdale, Utah.

The winners were selected through two different surveys with the help of Best Companies Group. The first survey examines employee satisfaction and covers eight areas, including leadership and planning, corporate culture and communication and overall engagement. An institution needed at least a 40% participation rate in the survey, and on average at least 80% of respondents had to answer “agree strongly” or “agree somewhat” across the different topics.

This data found that the employees at the credit unions that made the list were happier in a variety of areas compared with the institutions that didn’t make the cut. For instance, employees at the winning institutions reported having a better work-life balance, receiving more effective corporate communication from management and being given more authority to make necessary decisions. Overall, these staff members were more willing to recommend working for their credit union to a friend.

The second survey evaluates the benefits and policies of each credit union. Some of the winners lavished employees with monetary perks, such as picking up the tab for monthly health insurance premiums or providing significant matches to retirement plans. Others created a fun work atmosphere with frequent parties and friendly competitions. Some also focused on professional development by offering leadership courses or reimbursing tuition payments for those continuing their education.


#1 Credit Union: Colorado Credit Union

Littleton, Colorado
President and CEO: Mike Williams
Assets: $310.1 million
No. of employees: 62Interesting fact: The credit union uses Fond, a recognition platform similar to social media. It allows employees to recognize each other publicly or privately. Their colleagues can then see these recognitions and comment and like them. All the recognitions are tied to Colorado Credit Union’s values and come with points that can be redeemed for gift cards, charitable donations or swag and other items. Through the platform, the credit union also hosts quarterly awards and wellness initiatives.Unusual perk: Staff members receive free will preparation through the employee assistance program.Best Credit Unions 2022 pictures/1_Colorado Credit Union.jpg
Pictured: Members of the CCU Hiking Club enjoy some of the natural beauty that the Centennial State has to offer during a hike.
Click here to read the entire list of 2022’s Best Credit Unions to Work For.

(login may be required)


Courtesy of Jackie Stewart, American Banker

Aug. 31, 2022 — Bank of America and BMO Harris are leaning into real estate aid with programs designed to close the racial property ownership gap.

Bank of America launched two programs Tuesday — one to aid small-business owners and another aimed at future homeowners.

The Small Business Down Payment Grant Program extends credit to small-business borrowers within historically disadvantaged communities and offers them financial support to purchase commercial real estate. Women and nonwhite business owners applying for Small Business Administration (SBA) commercial real estate loans for opportunity zones in Atlanta, Chicago, Charlotte, Dallas and Los Angeles can access the grants, which can be used to cover up to half of the down payment, capped at $25,000.

The bank plans to expand the program geographically next year.

“Today, many business owners of diverse backgrounds lack the access to capital and technical assistance needed to qualify for commercial loans, which can help secure transferable assets that build equity across generations,” said Jill Calabrese Bain, managing director of small business, specialty banking and lending at Bank of America.

Just 3% of Black households own nonresidential commercial real estate, Brookings reported in July. That compares with 8% of White households. Further, for the households that do, there’s a major disparity in the value: The average Black household owns $3,600 in it; the average White household, $34,000.

Applicants for the program announced Tuesday must pay at least 5% of the down payment and must be able to prove at least 51% business ownership by women or nonwhite people.

Bank of America’s Community Affordable Loan Solution, meanwhile, offers a zero-down payment, zero-closing-cost mortgage solution to first-time buyers purchasing homes in certain Black and Latinx neighborhoods in Charlotte, Dallas, Detroit, Los Angeles and Miami.

The program uses credit guidelines based on factors such as timely rent, phone and car insurance payments. Prospective buyers needn’t have mortgage insurance or a minimum credit score but must complete a homebuyer certification course through a Bank of America and Housing and Urban Development Department-approved housing counseling partner before submitting an application.

The program builds onto Bank of America’s $15 billion community homeownership commitment, which launched in 2019 and aims to provide affordable mortgages, grants and education to help some 60,000 low-to-moderate income individuals and families buy their own homes by 2025.


Courtesy of Gabrielle Saulsbery, Banking Dive.com

August 24, 2022 — With CyberSecurity Awareness month fast approaching, information security professionals and data protection managers will be looking at how to secure board-level buy-in for company-wide cybersecurity awareness campaigns. Often, this is the biggest hurdle for any cyber awareness campaign as senior leadership weighs the costs and benefits of investing in the security of their business.

Today we will be looking at some top tips for changing the tide on board-level buy-in.

What are the obstacles to Board-level buy-in and how to address them?

According to a study, by AT&T, board members covet data security as their number one concern, however, 75% of these boards do not actively put stock into internal cybersecurity campaigns.

With average data breach costs soaring to $4.4 million in 2022, the need to elevate cybersecurity initiatives on the boardroom agenda is increasing.

Why is there an understanding of the importance of cybersecurity awareness but no impetus to follow up with company-wide campaigns and initiatives?

1. Monetary Hurdles

Cybersecurity awareness providers can use behavior research tools and surveys to properly assess what areas of your company need to be addressed with training and development. This can then help you to present where and what your budget needs to be spent on, thus reassuring board members with facts and actionable insight and analysis. By doing this, you also instantly involve board members in the decision process.

2. Fear of change

One of the biggest hurdles to board buy-in is the fear of change and the comfort of following a tried and tested formula. People don’t like change and breaking leadership habits is very difficult to do.

In order to break this status quo, you need to increase board members involvement in security activities and simulations, especially considering recent developments in cybersecurity regulations.

When you do this, you can show your board members how easy it is to make mistakes and costly errors under the current protocols and teachings. When you root scenarios in relatable and personal examples, the risks associated with a cybersecurity event becomes clear for all board members.

3. Lack of security awareness

There is nothing harder than selling a new and improved security awareness campaign to your board members, especially if they have no security awareness at all. Why would they want to invest a portion of their finances in something that they do not understand? And why should the rest of your workers take security awareness seriously if their managers do not give it a second thought? It is meant to be a team effort after all, isn’t it?

This is a simple fix but requires hands-on work from an organization’s information security officer and/or data protection officer, with the help of your chosen training provider. You need to work to a trickle-down approach. First begin with focus groups and simulated training for board-level members, keeping a focus on the financial and legal ramifications companies face as a result of breaches. Position cybersecurity awareness as a proactive part of your organization with focus on Return on Investment (ROI), whilst highlighting how much more painful it is to be reactive to cybersecurity breaches.

How to engage Board members in the cybersecurity awareness conversation

When you implement a cybersecurity awareness campaign that is supported and planned out by the board, you increase the chances of company-wide buy-in and knowledge retention. So, how will you engage board members in the conversation? By speaking their language.

Sell it to them!

You need to encourage your board to focus on the risks and threat actors that target organizations every single day, but you also need to realize you are selling them something. When you are selling to your board, actualize the problems their employees face and use board-level language such as risk terminology and KPIs (Key Performance Indicators). board members want to see stone-cold numbers and measurable data to justify their investment.

Educate them regularly

The biggest reason board members struggle to support cybersecurity awareness initiatives is a lack of knowledge on the issue. If you are in charge of board buy-in, you need to regularly communicate cybersecurity insights, headlines, and stories with your board. They need to understand, in an easy-to-digest way, how cybersecurity is vital to the existence of their organization. Upskilling the board should always be a primary goal in any cybersecurity campaign!

It’s an investment, not a loss!

Board members want to hear things like ‘driving consistency’, ‘streamlining processes’, ‘minimizing human errors’, ‘avoiding reputational damage’, and ‘improving workflow’. Make it clear to your board members that they are making an investment which will lead to increased efficiency in the workforce and savings in the financial sheets. Begin with the message that cybersecurity is not a cost, it is an investment!

Bring in the pros

It is also highly beneficial to bring in the knowledge of a respected and experienced cybersecurity professional/consultant to add evidence to your board presentation. Cybersecurity professionals can run scoping workshops and team activities with your board to answer both company-specific questions and any technical questions that may arise.

In conclusion

Board-level buy-in is key to promoting a secure organization from top to bottom. Remember that your executives are still people, so it is important to communicate your objectives clearly, how your security awareness campaign addresses holes in your security culture and how it keeps your organization safe from cybercrime.


Courtesy of Tripwire Guest Authors

Aug. 22, 2022 — Updated rules from the National Credit Union Administration have resulted in a massive jump in the number of credit unions issuing subordinated debt and the overall dollar amount.

  • Recent changes to regulations from the National Credit Union Administration have resulted in a surge in the number of credit unions issuing subordinated debt and the dollar amount being issued.
  • Low-income credit unions (LICUs) have at times issued subordinated debt to expand their operations, typically using the capital for lending expansion and servicing, or for the acquisition of newer and more efficient financial technology. The advantage of subordinated debt is that credit unions can make loans or provide other services to members with borrowed money that is counted as net worth and thus not counted against their capitalization.
  • Recently, the NCUA expanded the number of credit unions eligible to issue subordinated debt to include complex credit unions (those with more than $500 million in total assets) and newly chartered credit unions. This change was made in conjunction with the release of new regulatory capitalization ratios — risk-based capital and the Complex Credit Union Leverage Ratio — which are also designed for complex credit unions. Although only LICUs are permitted to include subordinated debt in net worth, complex and new credit unions can use it to bolster the new RBC value. By allowing these credit unions to issue subordinated debt, the NCUA is providing these institutions with a new route to adjust to the new regulatory thresholds.
  • This new capitalization-requirement rules spurred a 170.8% quarterly increase in the dollar value of subordinated debt issued by credit unions industrywide. Alongside dollar growth, the number of credit unions using this tool to increase net worth is also expanding. As of the second quarter of 2022, 132 credit unions have issued subordinated debt. This is up from 86 institutions in the first quarter of 2022 and 80 in the fourth quarter of 2021, before the regulatory changes took effect. This increase has been driven by larger credit unions issuing subordinated debt as net worth: 64 of these 132 credit unions are complex credit unions, up from 44 in the fourth quarter of 2021.

Courtesy of Callahan, CreditUnions.com

August 2, 2022 — One of the primary methods used by malware distributors to infect devices is by deceiving people into downloading and running malicious files, and to achieve this deception, malware authors are using a variety of tricks.

Some of these tricks include masquerading malware executables as legitimate applications, signing them with valid certificates, or compromising trustworthy sites to use them as distribution points.

According to VirusTotal, a security platform for scanning uploaded files for malware, some of these tricks are happening on a much larger scale than initially thought.

The platform has compiled a report presenting stats from January 2021 until July 2022, based on the submission of two million files daily, illustrating trends in how malware is distributed.


Abusing legitimate domains

Distributing malware through legitimate, popular, and high-ranking websites allows threat actors to evade IP-based blocklists, enjoy high availability, and provide a greater level of trust. VirusTotal detected 2.5 million suspicious files downloaded from 101 domains belonging to Alexa’s top 1,000 websites.

The most notable abuse case is Discord, which has become a hotbed of malware distribution, with hosting service and cloud service providers Squarespace and Amazon also logging large numbers.

Most abused domains for malware distribution (VirusTotal)


Using stole code-signing certificates

Signing malware samples with valid certificates stolen from companies is a reliable way to evade AV detection and security warnings on the host. Of all the malicious samples uploaded to VirusTotal between January 2021 and April 2022, over a million were signed, and 87% used a valid certificate.

The most common certification authorities that are used to sign the malicious samples submitted to VirusTotal include Sectigo, DigiCert, USERTrust, and Sage South Africa.

Signing authorities used by malware authors (VirusTotal)


Disguised as popular software

Masquerading a malware executable as a legitimate, popular application has seen an upward trend in 2022.

Trend of disguising malware as real apps (VirusTotal)

Victims download these files thinking they’re getting the applications they need, but upon running the installers, they infect their systems with malware. The most mimicked applications (by icon) are Skype, Adobe Acrobat, VLC, and 7zip.

Click here to read the rest of the article.


Courtesy of Bill Toulas, Bleeping Computer.com

(Bloomberg) — The share of Americans who report having difficulties paying their bills has surpassed its 2020 pandemic peak in a US Census Bureau survey, underscoring the toll of soaring prices on budgets.

Four in ten adults said it has been somewhat or very difficult to cover usual household expenses in a poll conducted end of June and early July. That’s the highest since the Census started asking the question in August 2020. It implies that more than 90 million families are struggling, up from about 60 million a year ago.

When the Census first asked the question two years ago, a third of respondents reported difficulties in covering usual household bills. The share fell over the following year but started rising about a year ago after government pandemic relief ended and inflation took hold.

Millions of households with student loans are expected to face an additional monthly expense Sept. 1, when a Covid moratorium on servicing that debt ends.

The survey shows a sharp increase in financial stress in all of the country’s large metropolitan areas. In Dallas, for example, the share of respondents having difficulty paying bills jumped to about to 45.9% from 27.9% a year earlier. The share in Detroit rose by almost 20 percentage points.

A report last week from New York State Comptroller Thomas P. DiNapoli showed that one in eight residents were behind on paying their utility bills as of March. More than 1.2 million customers statewide owed $1.8 billion, with residents of New York City and Long Island accounting for 68% of the total.

The average amount owed by residents in the state doubled in two years, to $1,467 in March from $768 in March 2020.

“The pandemic’s effects continue to be felt in multiple aspects of life, including the elevated number of New Yorkers who continue to have trouble paying their utility bills,” DiNapoli said in the report.

Nationally, the latest Census survey shows that more than one third of households reduced or forwent expenses for basic household necessities, such as medicine or food, in order to pay an energy bill. More than one in five families kept their home at a temperature that felt unsafe or unhealthy for at least one month, and a similar share hasn’t been able to pay at least part of an energy bill.

Courtesy of Alex Tanzi, Yahoo Finance

After a decline in consumer spending during the pandemic, the end of government relief programs has contributed to an increase in credit card usage – and a rise in delinquencies.


CREDIT CARD SPENDING, DELINQUENCIES RETURNING TO NORMAL FOR U.S. CREDIT UNIONS | DATA AS OF 03.31.22
© CALLAHAN & ASSOCIATES| CREDITUNIONS.COM

  • Credit card delinquencies at credit unions and commercial banks are back on the rise after unexpectedly improving during the pandemic, thanks to expanded unemployment benefits and stimulus checks from the federal government.
  • At just 1.01%, credit card delinquency rates at credit unions at the end of the first quarter were nearly three quarters of a point below their for-profit counterparts, though for now credit unions are closer to reaching pre-pandemic delinquency levels than banks.
  • Delinquency rates at banks and credit unions alike have been on the rise for the last four quarters following the end of government-backed pandemic-relief programs.
  • The increase in delinquencies is largely a good thing. Credit card spending among credit union members fell $5.8 billion during the first year of the pandemic as lockdowns and social distancing led to a decline in consumer spending.

Courtesy of Sophie Monroe, CreditUnions.com

Cryptocurrency insider-trading case could have broad ramifications for industry.

Federal authorities brought the first-ever cryptocurrency insider-trading case Thursday, accusing a former Coinbase Global Inc. COIN 5.43% manager of tipping off his brother and a friend with confidential information, and signaling in a companion case an aggressive new push to police digital tokens.

Prosecutors in Manhattan filed wire-fraud charges against the three men, and, at the same time, the Securities and Exchange Commission brought a civil case against them in which it alleged that nine cryptocurrencies, including seven that are currently available on Coinbase, are unregistered securities.

The SEC’s classification of the digital tokens as unregistered securities could have wide-ranging effects on the cryptocurrency industry and expose Coinbase and other platforms to new legal liabilities and regulatory requirements.

An indictment unsealed in federal court in Manhattan alleged that Ishan Wahi, a former product manager at Coinbase, his brother Nikhil Wahi and his friend Sameer Ramani netted about $1.5 million in illegal profits.

The Wahi brothers were arrested Thursday morning in Seattle. Mr. Ramani remained at large, prosecutors said.

“Our message with these charges is clear: fraud is fraud is fraud, whether it occurs on the blockchain or on Wall Street,” said Damian Williams, the U.S. attorney for the Southern District of New York.

Lawyers for Ishan Wahi said the charges were meritless. “Ishan Wahi is innocent of all wrongdoing and intends to defend himself vigorously against these charges and in the SEC action,” said lawyers Andrew St. Laurent and Marc Axelbaum.

Priya Chaudhry, a lawyer for Nikhil Wahi, said prosecutors were trying to criminalize innocent behavior “because they are looking for a scapegoat because so many people have lost money in cryptocurrency recently.”

A lawyer for Mr. Ramani couldn’t be identified.

Coinbase said in a statement on its blog that it had conducted an investigation on the three men and had provided information about the individuals to the Justice Department. The platform also said it fired Ishan Wahi.

“Coinbase takes this type of illicit behavior super seriously,” said Paul Grewal, the company’s chief legal officer. “We have zero tolerance for it.”

Mr. Grewal said Coinbase invests heavily in systems and policies to prevent employees from taking advantage of confidential information, such as asset-listing plans.

Ishan Wahi, who worked on Coinbase’s asset-listing team, had advance knowledge of the timing and public announcements of assets the exchange planned to list, prosecutors alleged. He was one of a small number of employees who belonged to a private messaging channel used to discuss launch dates and timelines, according to the indictment.

Starting in June 2021, the three defendants used the confidential information to make trades in advance of at least 14 public-listing announcements by Coinbase, the indictment alleged. The men concealed the trades through a web of crypto accounts and anonymous digital wallets, prosecutors alleged.

Some of the trades drew public scrutiny. In April, a Twitter account well known in the crypto community flagged the purchase of hundreds of thousands of tokens about 24 hours before they were named in a public-listing announcement, prosecutors alleged. Later in the month, Coinbase said it was investigating whether someone inside the company had leaked confidential company information.

On May 11, the exchange’s security-operations director emailed Ishan Wahi, telling him to attend an in-person meeting, prosecutors said. The day before the meeting, Mr. Wahi bought a one-way flight to India scheduled to depart the next day, according to prosecutors. They said that before the flight departed, Mr. Wahi called and texted his brother and Mr. Ramani about Coinbase’s investigation.

Law-enforcement agents stopped Mr. Wahi and prevented him from leaving the country, according to prosecutors.

The case is the latest signal that federal prosecutors in Manhattan are making an enforcement push on alleged insider-trading schemes of digital assets. Prosecutors last month charged a former employee of an NFT marketplace with using inside information to profit on NFTs, or nonfungible tokens.

The SEC charges are likely to turn up the pressure on Coinbase, which had previously disclosed it was under investigation by the agency. SEC Chair Gary Gensler has said he plans to pursue enforcement actions against crypto-trading platforms that facilitate trading in unregistered securities.

Thursday’s civil complaint marked the first time the SEC under Mr. Gensler has formally identified cryptocurrencies it believes to be securities that are offered on a major trading platform. It raises the possibility that Coinbase could face penalties for violating federal laws that require securities exchanges to register with the SEC.

The digital tokens listed by Coinbase and alleged by the SEC to be securities had a combined market value of $1.1 billion as of midday Thursday, according to CoinGecko.

Coinbase disputed the SEC’s assessment and criticized the agency’s decision to get involved in the case.

Mr. Grewal, Coinbase’s chief legal officer, said the firm has no plans to remove the cryptocurrencies from its trading platform.

“We have reviewed these assets carefully in advance of our listing,” he said, though he declined to share the firm’s legal analysis.

For each of the cryptocurrencies it alleged to be securities, the SEC applied a legal test developed by the Supreme Court in the 1940s. The commission said the tokens were all offered and sold to investors by issuers hoping to raise money. The issuers and promoters of the offerings touted the potential profits that investors might earn from the assets based on the efforts of others, the SEC said in its complaint.

“Those realities affirm that a number of the crypto assets at issue were securities, and, as alleged, the defendants engaged in typical insider trading,” SEC enforcement chief Gurbir Grewal said.


Courtesy of Corinne Ramey, James Fanelli, and Paul Kiernan, Wall Street Journal

Budget Briefing

The NCUA board was briefed on the budget and current operating budget surplus. The surplus is primarily from lower staffing levels and vacancy rates resulting in decreased pay and benefits and continued travel reduction. The board anticipates this to shift as they fill vacant positions and travel ramps up into 2023.

There was also discussion surrounding transparency over the 2023 budget to ensure an opportunity for the industry to ask questions etc. The anticipated release to the public of the 2023 proposed budget is expected to be the end of September.

Vice Chair Hauptman also inquired if there would be a reduction in the operating fee imposed to credit unions due to the surplus.

Final Rule Parts 700,701,702,708a, 708b, 750 and 790 – Asset Threshold for Determination the Appropriate Supervisory Office – (Final ONES Rule)

As expected, at the NCUA Board meeting today, the board members unanimously passed a final rule regarding ONES supervision.  Vice Chair Hauptman expressed his concerns that the rule doesn’t go far enough in terms of regulatory relief and pushed the board to identify means of regulatory relief for well-run institutions in a future discussion. Board Member Hood agreed and stated this isn’t the end of this rule, and it’s likely to see further iterations down the road as they continue to evaluate the industry as it evolves.

  • No substantive changes to the final rule from the proposed rule.

Proposed Rule Part 748 – Cyber Incident Notification Requirements 

Also, as expected, the board unanimously approved a proposed rule under Part 748 addressing cyber incident notification requirements, similar to those of the federal banking regulators.  The timing for notification would be 72 hours from the date a FICU determines an incident has occurred.


From the NCUA: NCUA Board Issues Proposed Rule on Cyber Incident Reporting Requirements


The proposed rule and request for comment will have a 60-day comment window upon publication in the Federal Register. The NCUA has stated that to be reported, an incident must be considered “substantial.” The definition of what is considered “substantial” will be included in the request for public comment. It was discussed at the meeting that 3 incident types would be deemed substantial and reportable incidents:

  • Federally Insured Credit Union identifies substantial loss of confidentiality/sensitive data as a result of unauthorized access/disruption of member services or integrity of a network or changed
  • cyber-attack or exploitation of a vulnerability that disrupts business operations/member services
  • Third-party service provider informs credit union data compromised by the third party – or upon a CU forming reasonable belief of compromise by a third party (whichever comes first)

Vice Chair Hauptman requested that if/when the rule is finalized, the NCUA must send out something directly to the industry – not just on the website – outlining examples of when to report and incidents that would not require reporting