NCUA Chairman Todd M. Harper Remarks at the NASCUS Exchange

September 2022
NCUA Chairman Todd M. Harper Remarks at the NASCUS Exchange

As Prepared for Delivery on September 8, 2022

Introduction

Good morning, everyone. And, thank you, Brian, for the kind introduction. I am pleased to be here with you today.

I last spoke at a NASCUS Exchange back in 2019, which seems like a lifetime ago after the seismic shifts in how we live and work due to the pandemic. Clearly, much has changed in the three years since then, both in the credit union system and on the global stage.

Continuing Growth of Large Credit Unions

Yesterday, the NCUA released Credit Union System Performance Data for the second quarter of 2022. Overall, the numbers point to a healthy credit union system that is facilitating the ability of families to achieve their financial goals.

In fact, the industry’s aggregate net worth ratio grew to 10.42 percent. That figure represents a recovery of 40 basis points from a pandemic low of 10.02 percent. And, at the end of the second quarter we recorded a 16.2 percent year-over-year increase in credit union loans. We have to go back more than two decades to see loan growth of this magnitude.

As you all know, the credit union system has also experienced significant growth in size and complexity during the last 10 years. That evolution is especially apparent in the number of large and very large credit unions. This most recent quarterly data shows that the number of federally insured credit unions with assets of at least $1 billion increased to 412 in the second quarter of 2022. Together, these billion-dollar-plus credit unions held $1.6 trillion in assets. That’s three out of every four dollars within the system.

And, following a longstanding pattern, these credit unions reported the strongest growth in loans, membership, and net worth over the year ending in the second quarter of 2022. During the second quarter, we also saw the number of federally insured credit unions decline to 4,853 in the second quarter of 2022, from 5,029 a year ago. This year-over-year decline is consistent with long-running industry consolidation trends, which have remained relatively constant across all types of economic and regulatory cycles for more than thirty years.

As credit unions have continued to consolidate into fewer and larger institutions during the last decade, their total assets have nearly tripled and the number of institutions with more than a billion dollars in assets has risen more than 500 percent. The significant growth in the size and complexity of credit unions over the past ten years has prompted the NCUA to review existing standards and make necessary adjustments to oversight structure and risk assessment.

To that end, the NCUA Board in July approved a final rule to provide appropriate oversight of those systemically critical credit unions which pose a greater risk to the Share Insurance Fund, given their size and complexity. With this change, we lifted the threshold for supervision by the NCUA’s Office of National Examinations and Supervision from $10 billion to $15 billion. As a result, the NCUA regional offices will continue to supervise safety and soundness for those credit unions with assets above $10 billion and under $15 billion which have not already transferred to ONES oversight.

And, in response to recent economic trends, last week the agency issued a Letter to Credit Unions announcing changes to how the agency will supervise for interest rate risk. During the first half of 2022, we experienced the sharpest increase in interest rates in decades. The changing economic and interest rate environments in recent months prompted the NCUA to revisit the supervisory framework and procedures used to assess interest rate risk in credit unions.

Among other things, these recently announced changes clarified when the issuance of a document of resolution to address interest rate risk is warranted. We also provided examiners with more flexibility in assigning supervisory risk ratings for interest rate risk. We will continue to monitor changes in the interest rate environment, and we stand ready to take further prudent actions, if needed.

Cybersecurity and Other Risks

While the improvement in the system’s total lending is notable, we have also experienced declines in the system’s net income and returns on average assets over the last year. And, rapidly rising interest rates and inflationary pressures continue to challenge the system. Additionally, we have identified growing liquidity concerns within a subset of credit unions.

Therefore, credit unions of all types and sizes must remain diligent in managing safety and soundness as we continue to navigate the challenging economic environment ahead of us. Any one of those issues alone could lead me to have a hard time falling asleep, but the one topic that most often keeps me up at night is cybersecurity.

The likelihood of cyberattacks impacting credit unions, their regulators, and consumers has been steadily rising because of Russia’s war in Ukraine, advances in financial technology, and increases in the use of remote workforces and mobile technology for financial transactions. It is also a vulnerability throughout the industry because of a need for greater cybersecurity awareness, obsolete information technology infrastructure, and outdated cybersecurity policies and procedures.

While the U.S. Government has not yet detected specific cyber operations directed at the financial sector or in our credit union ecosystem, it has observed preparations that include scanning websites and bad actors probing for known vulnerabilities. This information serves as a warning to regulators and the credit union industry that cyberattacks are ultimately a question of when, not if. To protect the system, we all need to maintain a heightened state of cybersecurity awareness.

Vendor Authority

Unfortunately, cyber risk in the credit union system often lurks beyond the NCUA’s reach, namely with credit union service organizations and third-party service providers. Because the NCUA has no supervisory authority over third-party service providers, thousands of credit unions, tens of millions of members, and hundreds of billions of dollars in assets are unnecessarily exposed to cybersecurity risks.

We need to close this regulatory blind spot. So, the NCUA very much appreciates the ongoing support of NASCUS for the restoration of third-party vendor authority to the agency, especially at this critical time. Fortunately, we have recently seen positive progress within Congress on this issue. Specifically, the U.S. House of Representatives has passed legislation to provide the NCUA with the authority needed to supervise and take enforcement actions at CUSOs and vendors. And, in the Senate, bipartisan legislation has been introduced.

It is my hope that this legislation will become law so that the NCUA can build out an effective, risk-focused examination program for CUSOs and vendors before a major problem arises.

Strengthening the Dual Chartering System

And, the NCUA and NASCUS have common ground in other areas as well, including strengthening the dual-chartering system. The NCUA is currently working with NASCUS to modify an operating agreement template for the NCUA regional offices to use in discussions with state supervisory agencies. This template will facilitate the creation of new agreements with our state partners and promote dialogue on the supervision of state charters as it pertains to a particular state.

Another recent development was the Alternating Examination Pilot Program launched in 2019, with our fellow state regulators in New Hampshire, South Carolina, Florida, Texas, Oklahoma, and California. Based on recommendations from the 2016 Exam Flexibility Initiative report, the pilot program was designed to help the NCUA and state regulators determine how an alternating examination program could improve coordination and make the most efficient use of federal and state resources.

The pilot provided three options for supervision, including whether the NCUA or the state supervisory authority would serve as the lead on the exam and the extent to which the one party would participate when the other was the lead.

The good news is the overwhelming majority of comments from participant surveys were positive. So, the NCUA is evaluating the lessons learned from the pilot to determine which elements can be incorporated into our examination program in the future.

Lastly, NCUA’s Office of Credit Union Resources and Expansion recently modernized the credit union chartering process, including overhauling the Federal Credit Union Charter Application Guide and its supporting documents. The updated guide provides information to organizers interested in chartering new federal or state credit unions, gives organizers a better understanding of the state and federal options, and offers supplemental guidance for states to reference in their interactions with organizers.

Each of us in this room has a responsibility to ensure that the credit union system fulfills its statutory mission and lives up to its full potential by meeting the credit and savings needs of members, especially those of modest means. We can best achieve that objective by continuing to preserve small credit unions and minority depository institutions, facilitate the efforts of credit unions to expand their potential fields of membership into underserved places, and charter new credit unions, especially those that aim to provide services in unbanked and underbanked communities.

The NCUA remains very focused on each of these priorities.

That concludes my prepared remarks. Let’s turn now to the dialogue. Back to you, Brian.

Todd M. Harper Chartering Cybersecurity MDI
Last modified on
09/08/22