Compliance Center: NCUA Releases Exam Priorities for 2016

Cybersecurity Assessment

Cybersecurity threats continue to represent significant potential operational risks to financial institutions. Cyberattacks are expected to increase in frequency and severity as worldwide interconnectedness grows and the capabilities to conduct cyberattacks become more sophisticated and easier for criminals or terrorists to obtain. As in 2014 and 2015, the National Credit Union Administration (NCUA) will continue to carefully evaluate credit unions’ cybersecurity risk management.

In June 2015, FFIEC released a Cybersecurity Assessment Tool. The NCUA encourages all credit unions to use the FFIEC tool and plans to begin incorporating the Cybersecurity Assessment Tool in their exam process in the second half of 2016.

Response Programs for Unauthorized Access to Member Information

During the 2016 exams, the NCUA examiners will be reviewing credit unions’ incident response programs for responding to unauthorized access to member information.

Bank Secrecy Act Compliance

NCUA field staff are required to review credit unions’ compliance with the Bank Secrecy Act and to complete the related examination questionnaire at every examination. In 2016, NCUA field staff will focus on credit unions’ relationships with money services businesses, also known as MSBs. 

Credit unions can provide services to an MSB while meeting BSA requirements, but should be aware of the unique risk exposure MSBs can present and the corresponding need for commensurate expertise and monitoring systems. In 2014, NCUA issued guidance to field staff and credit unions on identifying and mitigating risks of money service businesses. The guidance describes the steps credit unions should take to mitigate any money-laundering risks posed by MSBs.

If your credit union provides services to an MSB, field staff will verify that you meet the following minimum expectations established by NCUA and federal banking agencies:

  • Perform customer identification program procedures;
  • Ensure each MSB is registered with the Financial Crimes Enforcement Network (FinCEN) and is in compliance with state and local licensing requirements; and
  • Conduct a BSA/anti-money laundering risk assessment to document the level of risk associated with each MSB account and determine whether greater due diligence is necessary.

Interest Rate Risk

Interest rate risk will continue to remain high on the supervisory focus list as rates start to change.  The NCUA is in the process of updating their interest rate risk supervisory guidance and plan to publish the guidance in 2016. 

TILA-RESPA Integrated Disclosure Rule

The NCUA field staff will be reviewing credit unions’ compliance with the relevant provisions of the TRID requirements.

CUSO Reporting

Regulatory requirements associated with NCUA’s CUSO rule became effective June 30, 2014. One of the primary changes to the rule requires all federally insured credit unions that invest in or lend to a CUSO to enter into a written agreement requiring the CUSO to submitannual reports directlyto NCUA and the state supervisory authority, if applicable.

CUSOs will start providing their annual reports through the CUSO Registry in 2016. Once the deadline for CUSOs to register with NCUA has passed, field staff will check to ensure any CUSO a credit union has loaned to or invested in has registered with NCUA.  

Compliance Question of the Week

What is the difference between IRS form 1099-INT and form 1099-MISC?           

Form 1099-INT must be filed for each person the credit union pays $10 or more in interest during the calendar year.  Interest is the amount paid or credited by a credit union on deposits.  Even if the credit union does not call the amount interest (dividends), it may still be included in the definition of interest for the purpose of filing a 1099-INT.

Form 1099-MISC must be filed for each person the credit union pays at least $600 in prizes, awards, gross proceeds paid to an attorney, professional fees, or services.  Form 1099-MISC must be filed once each calendar year regarding the payments made during the calendar year.

When determining whether to file a 1099-INT or 1099-MISC for an incentive, consider whether the incentive was given in connection with either opening a deposit account or maintaining an account relationship. If the incentive was given for one of those reasons, the item given is considered interest and a 1099-INT must be filed if it is valued at $10 or more.  If the person did not agree to participate based on the opening or maintaining of an account, a 1099-MISC is required.

Related Links:

Legal Briefs

National Credit Union Administration (NCUA)

The NCUA issued Letter to Credit Union 16-CU-01. In the letter, the NCUA outlines its examination priorities for 2016 which include cybersecurity, interest rate risk, BSA, CUSO reporting, and the TILA-RESPA Integrated Disclosure rule.

The NCUA released a statement regarding Board Member McWatters, stating that he will continue to remain fully engaged on the NCUA’s board while going through the confirmation process for his next role, if confirmed, as a board member of the Export-Import Bank of the United States.

The NCUA and CFPB announced that they will be hosting a joint webinar on Tuesday, February 9th. The webinar is open to questions which participants can submit ahead of time.

The NCUA has posted the recorded video of its December board meeting.

Consumer Financial Protection Bureau (CFPB)

The CFPB has added a Construction Loan Factsheet that helps financial institutions understand how the TRID rule applies to various types of construction loans.

Federal Reserve Board (FRB)

The FRB has released the January updates to the Beige Book.

The FRB released the meeting minutes from the November and December discount rate meetings.

Federal Housing Finance Agency (FHFA)

The FHFA released a final rule that amends its regulation on FHLB membership.

Office of Foreign Assets Control (OFAC)

OFAC has updated the SDN list as of January 07, 2016. The last update prior to this was December 22, 2015.

Questions? Contact the Compliance Hotline: 1.800.546.4465,

Posted in Compliance News, NCUA.