When NCUA examiners set the agency’s supervisory priorities for 2020, Chairman Hood and his team could never have anticipated the upheaval of COVID-19. However, looking at the priorities now through a COVID-19 lens proves just how critical each of the areas outlined in that January 2020 letter to credit unions are to a cooperative’s operations. From BSA/AML to liquidity risk, each of the areas has been affected by the economic and human impacts of the global pandemic.
As compliance officers and their teams continue to consult with their credit union colleagues on necessary operational changes, product or program launches and other COVID-19 related initiatives, keep a close eye on the following:
BSA / AML: Although regulatory bodies have made statements hinting at empathy for the tough calls credit unions are having to make, they have also been clear about the need to adhere to timing requirements, specifically for filing suspicious activity reports (SARs) and currency transaction reports (CTRs). With fewer staff in the office to make these filings, credit unions may need to make special provisions to maintain compliance. Especially during a crisis, when financial desperation heightens friendly fraud and opportunistic criminals exploit vulnerabilities, it’s really important to report red flags.
Consumer Financial Protection: No doubt, NCUA examiners’ main focus will be on issues related to safety and soundness. However, they are also likely to look into how policies and procedures modified for the pandemic impacted members. For instance, Reg E guidelines around error resolutions are important for maintaining member protection. Particularly now, as more members are transacting online, credit union staff need to have their disputes and chargebacks procedures down pat. If steps had to change to accommodate lighter staff or work-from-home circumstances, that should be well documented.
Another consumer protection area compliance leaders may want to check in on is how the credit union is reporting payment histories to the credit bureaus, and of course, how they are documenting those decisions and activities. As more members take advantage of payment relief programs, like skip-a-payment, credit unions need a written plan for how they will report that activity consistently from member to member.
Small-dollar lending is a third activity credit union compliance leaders will want to get involved with. Many credit unions have ventured into short-term or small-dollar loans to a greater degree to help members during this unprecedented time. Regulations around these products are notoriously fuzzy. Compliance leaders can inject a significant degree of confidence among various leaders within the organization by translating some of the principles that regulators shared in a pre-COVID-19 world for the current environment.
Credit Risk: Credit unions should document any and all changes made to the evaluation of an applicant’s creditworthiness. Because requirements have likely been eased a bit to help more members cope with job loss, health issues and other financial stressors, credit unions will want to show the calculations made, specifically how they worked to balance member wellness with the overall health and sustainability of the cooperative.
Current Expected Credit Losses: The deadline for CECL compliance has been pushed back even farther. The extension, in combination with the chaos of COVID-19, and for some, the added turmoil of riots and looting, could create a situation in which CECL prep simply falls off the radar. Put a note on the calendar to check in with your finance and accounting teams during the fall of 2021 to see if they will be ready for the new effective date of January 1, 2023.
Cybersecurity: While we are not likely to see a lot in this area from an exam standpoint, data security and privacy should be a high priority for all credit unions. That’s because most have made a significant shift to digital delivery of products and services, which opens any organization up to an increased set of risks. Adjusting to remote work, increased web traffic and changes to the patterns of internal and external stakeholders calls for compliance and infosec teams to work even more closely together to assess the safety of member and credit union data.
LIBOR Cessation Planning: Few credit unions use the LIBOR reference rate; however, the index remains on its way out. Similar to CECL compliance preparation, you may choose to back-burner this one depending on the number of more pressing needs on your plate. Just remember to set a reminder to check in on your credit union’s transition plan in a few months.
Liquidity Risk: This area is definitely something to keep an eye on as NCUA makes moves to give credit unions greater access to liquidity funds. Temporary amendments are making it easier for the nation’s financial cooperatives to get to the cash they need to make members lives easier. With that comes a series of documentation and other requirements, such as elimination the six-month waiting period for a new member to receive a loan. Therefore, CFOs, boards committees and other leaders are likely to lean on their chief compliance officers to stay in compliance with new and constantly evolving rules.
The biggest thing for credit unions staring down the eventuality of a post-COVID-19 exam is to keep track of everything new or unusual the credit union does to weather the pandemic storm. Because those exams could be very far into the (hopefully much improved) future, it will be critical to have the ability to look back and explain why decisions were made and how outcomes were monitored. The NCUA and other agencies know credit unions will be challenged in many ways throughout this unprecedented and global crisis, so they are likely to be lenient in the short-term. However, there’s no guarantees or specifics on that, so whenever possible, keep your compliance effort as BAU as the “new usual” allows. As always, if our team can answer any questions or provide any guidance, please don’t hesitate to reach out.