Blog: The 6 Crucial Things to Keep in Mind for 2020 Audits

The 6 Crucial Things to Keep in Mind for 2020 Audits


The NCUA has made no bones about how important consumer financial protection regs will be to its examiners this year. In fact, the agency is requiring its exam team to review six specific consumer financial protection rules at all examinations when applicable to the credit union. Those six rules – and a few predictions from our team – are below.

Regulation E: Whereas last year’s Reg E exams focused on overdraft, this year the focus turns to EFT policies and procedures, as well as the credit union’s compliance with error resolution and initial account disclosure rules.  Like most disclosures, you must look at the timing and content within the disclosures.  This is something you could grab a quick sample of and audit prior to any examination.

FCRA: Examiners will want credit unions to demonstrate accuracy in their reporting to the credit bureaus. Here again, they are concerned with timing, especially as it relates to the date of first delinquency. Therefore, credit unions should double check that this is covered in policies, procedures and controls. Those documents should also be as detailed as possible when it comes to how the credit union handles member disputes related to credit reports.

Gramm-Leach-Bliley: Privacy is becoming a larger concern for consumer protection agencies of all kinds, as well as legislators across political parties and areas of the country. Consumers, too, are expressing greater interest in the proper safeguarding and ethical use of their personal data. Examiners will be looking for compliance with Gramm-Leach-Bliley and probably looking pretty closely at privacy policies and notices. We also expect them to ask more questions around how personal data is being shared with third parties and whether that sharing is disclosed to members. In certain areas of the country, especially California, examiners will likely ask about policies and procedures around opt-outs and member requests for personal data deletion.

Small-dollar lending: For credit unions that participate in the NCUA Payday Alternative Lending or PAL program, examiners will look at compliance with PAL rules and that their products are adhering to the interest rate cap. Small-dollar loans that are not a part of the PAL program still must comply with other rules. State-chartered credit unions, for instance, are not governed by PAL, but must still comply with certain regs around short-term, small-dollar lending. So, examiners will still be looking at compliance with those regs among CUs that have short-term, small-dollar loans on the books.

Regulation Z: How APRs and late charges are calculated and applied will be a big focus of this year’s Reg Z compliance reviews. Examiners will want to see how the credit union applies payments to the principal, interest, and other fees. They will also want to take a look at loan applications to see if they are consistent with the agreement and disclosures the member receives. We have worked with quite a few credit unions that have discovered issues in this area, and a lot of times it was due to a recent LOS or core conversion. That’s precisely why we recommend checking on these documents before the NCUA puts them through a fine-toothed comb.

MLA and SCRA: If you’ve been paying attention to the NCUA’s priorities for the last three years, you won’t be surprised to find these acts listed among the 2020 areas of focus. Examiners will be paying close attention to compliance with military and service member protection laws.

The NCUA has a lot of great resources out there such as the AIRES questionnaire, so compliance teams have no reason to fall short of examiner expectations in these areas. (Well, perhaps one reason: There’s a lot on the average credit union compliance team’s plate.)

The most efficient way to cover these six consumer financial protection regs the NCUA has prioritized is through an audit. Give us a call if you need help assessing policies, procedures, disclosures and other areas of compliance to identify any gaps before the NCUA gets there.