NCUA Issues Updated Guidance on Compliance Risk Indicators

NCUA has recently provided its examiners with guidance on the updated list of compliance risk indicators that are part of NCUA’s Risk-focused Examination Program. The updated list of indicators does not impose any new or higher supervisory expectations for credit unions. NCUA examiners will continue to take a consistent approach when evaluating a credit union’s ability to manage compliance risk. Additionally, NCUA staff will continue to consider such factors as the credit union’s size, complexity, and risk profile as part of their evaluation.

These risk indicators incorporate the principles of the FFIEC’s Interagency Consumer Compliance Rating System (CCRS). You may recall that the CCRS is an interagency framework for evaluating an institution’s ability to manage consumer compliance risk and to prevent consumer harm.  NCUA incorporates the framework into its Risk Focused Examination Program.  Remember, a credit union’s compliance management system is to proactively manage compliance risk by self-identifying and self-correcting any identified compliance deficiencies. The updated compliance risk indicators detailed in NCUA’s recent letter focus on three areas and specific factors within each area:

1. Board and Management Oversight
Do officials and management fully understand compliance risks?
Is there a clear commitment to compliance?
Are there significant resources dedicated to support compliance (systems, capital, HR)?
Is there comprehensive and ongoing due diligence and oversight of third parties to ensure that the credit union isn’t exposed to compliance risks?
How does management handle and respond to changes in applicable laws and regulations, market conditions, and product and services offered?
Are corrective actions taken when management proactively identifies compliance issues and deficiencies?

2. Compliance Program
Are your policies/procedures and third party relationship management programs effective in handling risks posed by the activities and products/services of the credit union?
Is your compliance training tailored to those receiving it?
Is compliance training to the roll out of new products and services or new consumer protection laws for awareness purposes?
Are management information systems, reporting, audit, and internal control systems evaluated throughout the credit union?
What are the processes for addressing consumer complaints and what actions are taken to prevent future complaints?

The first two areas (Board/Management Oversight and Compliance Program) take into account the credit union’s size, complexity, and risk profile.

3. Violations of Law and Consumer Harm
If there are violations of law and consumer harm has the credit union evaluated the root cause, the severity, duration, and the pervasiveness of the violation/harm across the credit union’s product lines and taken corrective action?

According to the Supervisory Letter, the AIRES questionnaire will be updated by June of 2017.


Compliance Question of the Week

Can a credit union open a share account for someone who only has an ITIN and not a Social Security Number?        

Yes. The NCUA encourages credit unions to serve individuals who are within the field of membership regardless of citizenship and regardless of whether they have a social security number or not.

An ITIN (individual taxpayer identification number) is a tax processing number issued by the Internal Revenue Service. It is a nine digit number that always begins with the number 9 and has a 7 or 8 in the fourth digit, example 9XX-7X-XXXX. IRS issues ITINs to individuals who are required to have a U.S. taxpayer identification number but who do not have, and are not eligible to obtain a Social Security Number (SSN) from the Social Security Administration (SSA). ITINs are issued regardless of immigration status because both resident and nonresident aliens may have U.S. tax return and payment responsibilities under the Internal Revenue Code.  Individuals must have a filing requirement and file a valid federal income tax return to receive an ITIN, unless they meet an exception.

Once this person is a member, he or she is entitled to all the services and products available to all other members.

It is also important to obtain other verification documents as part of your due diligence. ITINs are not valid identification outside the tax system. Since ITINs are strictly for tax processing, the IRS does not apply the same standards as agencies that provide genuine identity certification. ITIN applicants are not required to apply in person, and the IRS does not further validate the authenticity of identity documents. ITINs do not prove identity outside the federal tax system, and should not be offered or accepted as identification for non-tax purposes.

ITINs will expire if they are not used at least once in a three year period as of January 1, 2017.

Related Links:

IRS ITIN Instructions

Legal Briefs

National Credit Union Administration (NCUA)

The NCUA announced that it will hold a special closed meeting on Wednesday, April 12, 2017. The closed meeting will allow the Board to consider a supervisory action.

The NCUA announced that it will host a Twitter chat on April 18, 2017. The focus of the chat will be personal finances and building financial security.

The NCUA released a new video aimed at helping credit union directors run effective board meetings.


Consumer Financial Protection Bureau (CFPB)

CFPB Director Cordray delivered prepared remarks before the House Committee on Financial Services. Cordray’s remarks focused on the work that the CFPB has done, highlighting the agency’s enforcement actions, complaint system, and regulatory rulemaking.

The CFPB announced the release of its 2016 Consumer Response Annual Report. The report provides an overview of the complaints received by the bureau in 2016, which total 291,400. Debt collections, credit reporting and mortgages collectively represented 67% of the complaints.


Federal Deposit Insurance Corporation (FDIC)

The FDIC announced the availability of its financial education tools in recognition of National Financial Capability Month. The tools are free and aimed at helping individuals of all ages build their financial knowledge.

The FDIC issued FIL-16-2017, announcing the availability of a new resource for community banks. The new resource, Affordable Mortgage Lending Guide, Part III: Federal Home Loan Banks, describes the programs offered by the FHLBs.


Department of Labor (DOL)

The DOL issued a final rule delaying the effective date its fiduciary rule, which was originally effective on April 10, 2017. This final rule extends the effective date to June 9, 2017.


Federal Reserve Board (FRB)

The FRB announced that it is now accepting applications for its Community Advisory Council, a council that advises the board on issues impacting consumers and communities.

The FRB released the minutes from its March 14, 2017 Federal Open Market Committee meeting. The FRB also issued a press release, providing the highlights of the committee meeting, as well as the projections materials.

The April issue of FedFocus is now available.

The FRB issued a statement regarding the Treasury’s participation in Same Day ACH. The statement indicates that the Treasury will be ready for Same Day ACH by September 15, 2017, beginning with the ability to receive tax and non-tax Same Day ACH credits.

The FRB updated its Bank Holding Company Supervision Manual.


Financial Crimes Enforcement Network (FinCEN)

FinCEN issued advisory FIN-2017-A002, which provides an updated list of jurisdictions with AML/CFT deficiencies. _____________________________________________________________________________________

Office of Foreign Assets Control (OFAC)

OFAC has updated the SDN list as of April 7, 2017. The last update prior to this was April 6, 2017.

Questions? Contact the Compliance Hotline: 1.800.546.4465;

Posted in Compliance News.