Chairman Crapo, Ranking Member Brown, and Members of the Committee, as Chairman of the National Credit Union Administration (NCUA) Board, I appreciate the invitation to testify today about the state of the credit union industry and to provide background on the NCUA’s most recent initiatives.
The NCUA’s mission is to “provide, through regulation and supervision, a safe and sound credit union system, which promotes confidence in the national system of cooperative credit.”1 This system is vital to the American economy, touching more than one-third of all U.S. households.2 In turn, the NCUA is charged with, and focused on, ensuring the safety and soundness of the National Credit Union Share Insurance Fund (Share Insurance Fund). The agency takes seriously our paramount responsibilities to regulate and supervise approximately 5,281 federally insured credit unions with more than 119.5 million member-owners and more than $1.53 trillion in assets across all states and U.S. territories.3 As part of that mission, we have developed initiatives to help credit unions, within the bounds of safety and soundness, serve their members more effectively, including members of modest means and those in underserved areas.4
I will first focus on the strong state of the credit union industry and the Share Insurance Fund and then discuss the NCUA’s efforts to meet the goals the agency set out in our 2018–2022 Strategic Plan (opens new window):5
- Ensuring a safe and sound credit union system;
- Providing a regulatory framework that is transparent, efficient, and improves consumer access; and
- Maximizing organizational performance to enable mission success.
In describing how the NCUA is meeting these goals, I will focus on the NCUA Board’s ongoing efforts to improve the agency’s efficiency and effectiveness in light of the ever-changing financial services marketplace. The NCUA is striving to reduce the regulatory, reporting, and examination burdens facing credit unions without sacrificing the safety and soundness of the credit union system and, in turn, the Share Insurance Fund.
I will also address some of the ways we are promoting financial inclusion and making it easier for credit unions to serve their members more effectively, including the underserved, those of modest means, people with disabilities, and those in vulnerable communities.
State of the Credit Union Industry and the Share Insurance Fund
Federally insured credit unions continued to perform well in 2019. As of September 30, 2019, credit union membership had grown by more than 3 percent over the preceding year to more than 119 million members. Assets in the credit union system increased to $1.53 trillion, and the system’s aggregate net worth ratio stood at 11.39 percent, well above the 7-percent statutory level for well-capitalized credit unions.
As I said in my testimony before the Committee in May, the NCUA continues to be a responsible steward of agency funds and remains dedicated to sound financial management practices. In May, the agency paid dividends to more than 5,500 institutions eligible for a $160.1 million Share Insurance Fund distribution. This was part of the nearly $900 million in equity distributions the agency has issued over the last 18 months; money that is going back into communities to support small businesses, promote economic growth, and improve the financial well-being of credit union members across the country.
Examination and Supervision of Regulated Entities
The NCUA’s supervision of federally insured credit unions consists of periodic onsite examinations and continuous offsite monitoring. The examination program is designed to deploy resources on a proportionate basis, taking into account the risk profile and size of institutions. The frequency with which the NCUA conducts examinations is consistent with the approach of the federal banking agencies.
Lower-risk federal credit unions with assets of less than $1 billion may qualify for an examination every 14 to 20 months, while all other federal credit unions receive an examination every 8 to 14 months. For federally insured, state-chartered credit unions, NCUA coordinates examination timing with state supervisors.
Additionally, the agency has a three-tiered exam program based on a credit union’s asset size and risk profile. The Small Credit Union Examination Program is targeted to federal credit unions with total assets of less than $50 million and a CAMEL composite rating of 1, 2, or 3. Small credit unions that are financially and operationally sound and present a lower risk will typically have shorter examinations and more concise examination reports.
The NCUA uses a risk-focused examination program for credit unions between $50 million and $10 billion in assets. During these examinations, field staff review areas that have the highest potential risk and evaluate a credit union’s compliance with federal regulations.
Lastly, the agency has a separate program to identify, mitigate, and manage the risk in large consumer credit unions, those with assets greater than $10 billion. The large credit union program includes a continuous supervision model, including enhanced off-site monitoring and data analysis. Further, these institutions are subject to capital planning and stress testing requirements to assess their financial condition and risks over the planning horizon under both expected and adverse conditions. The examinations conducted in large consumer credit unions are also subject to heightened quality control, which is conducted by the NCUA’s Office of Examination and Insurance.
The agency’s examination and supervision program provides for active risk management and early detection of problems, which is critical to preserving the financial strength and well-being of the system. The NCUA strives to detect and resolve problems in credit unions before they become insurmountable. Of course, the NCUA takes credit unions’ compliance with legal requirements seriously, and, when necessary, takes various administrative actions to compel institutions to correct violations of law. The agency has a variety of enforcement authorities available to it and carefully considers the types of enforcement actions that would be most effective.
Because fines imposed on credit unions must be paid by credit unions’ member-owners, which ultimately takes money out of communities served, the NCUA makes judicious use of its civil money penalty authority. The NCUA favors using administrative actions when a credit union is not operating in a safe and sound manner, complying with applicable statutory and regulatory requirements fully, or both.
The NCUA uses both informal and formal actions to achieve resolution of problems. Informal actions include: documents of resolution, regional director letters, unpublished letters of understanding and agreement, and preliminary warning letters. Formal actions include: published letters of understanding and agreement, cease and desist orders, involuntary liquidations, conservatorships, removals, prohibitions, terminations of insurance, and revocation of charters.
The particular administrative action or progression of actions the NCUA uses depends on the facts and circumstances of the particular case. Based on our decades of experience, we have learned that most problems can be resolved through informal actions.
The NCUA does impose civil money penalties on credit unions from time to time. The amounts of those penalties are small, designed to correct the immediate problem, and are usually assessed in response to a credit union’s failure to submit Call Reports or other required data to the NCUA in a timely manner. In these limited circumstances, we have found that small civil money penalties are effective.
Cybersecurity and Technology
Credit unions compete in a dynamic and changing marketplace where they face many evolving challenges and threats. Because of this, the NCUA is bringing fresh thinking to our regulatory approach to ensure that the credit union system remains safe and sound.
Cybersecurity is a priority across the financial system, both for institutions and regulators, and across the federal government. Information technology and cybersecurity have become an integral and ubiquitous part of the delivery of financial services. While advances in technology have generated vast benefits and efficiencies, they have come with emerging risks and threats. It is essential that the NCUA strike the right balance between promoting innovation and ensuring security. Credit unions must be able to safely and securely use technology to deliver member services and to adopt financial innovations to ensure the industry’s long-term success.
NCUA’s Cybersecurity Initiatives
This year, I appointed a cybersecurity advisor that reports directly to the Chairman of the NCUA, Mr. Johnny E. Davis, Jr. Under my leadership, and with the advice of Mr. Davis, the NCUA has adopted key cybersecurity initiatives in addition to our overall cybersecurity examination program:
- First, we are advancing consistency, transparency, and accountability within the NCUA’s cybersecurity examination program;
- Next, we provide credit unions with information and resources to improve their preparedness and resiliency. This includes sharing best practices for cybersecurity to help credit unions successfully carry out their responsibilities; and
- Finally, we have established and improved safeguards to ensure that the NCUA’s systems and the information we collect are secure.
The specific program activities associated with the NCUA cybersecurity initiatives are as follows:
Information Security Maturity Assessments
The NCUA established an Assisted Information Security Maturity Self-Assessment Program for credit unions in 2018. We did this by benchmarking and customizing the Cybersecurity Assessment Tool developed by the Federal Financial Institutions Examination Council (FFIEC).6
Ultimately, we created a specialized Automated Cybersecurity Examination Toolbox for credit unions, which we call the ACET. A central element of the ACET is an assessment of a credit union’s cybersecurity maturity. This maturity assessment allows the NCUA and credit unions to determine the maturity of a credit union’s information security program by answering as series of 500 questions. The questions assess five specific domains:
- Cyber Risk Management and Oversight;
- Threat Intelligence and Collaboration;
- Cybersecurity Controls;
- External Dependency Management; and
- Incident Management and Resilience.
We perform an ACET maturity assessment on each credit union at least once every four years. In the years we do not perform a full ACET maturity assessment, we incorporate an emphasis on critical security controls in a credit union’s regularly scheduled examination. At the conclusion of the initial four-year cycle, the NCUA will have established a baseline for each credit union assessed and a benchmark for where the credit union industry stands against other financial services institutions. A subsequent four-year cycle will identify the progress the credit union industry has made in strengthening its cybersecurity maturity.
Specifically, the NCUA has conducted, and will conduct future, ACET maturity assessments, as follows:
- In 2018, all scheduled institutions with $1 billion or more in assets were assessed; 7
- In 2019, all scheduled institutions that have between $250 million and $1 billion in assets have been assessed; and
- In 2020, all scheduled institutions that have between $100 million and $250 million in assets will be assessed.
The NCUA will not conduct an ACET maturity assessment of those credit unions that have $100 million or less in assets. Beginning in 2020, such smaller credit unions will be able use the ACET maturity assessment to conduct a self-assessment. In addition, examiners will emphasize the effectiveness of critical security controls when examining smaller credit unions. The ACET will be available for download on our website.
Of note, our efforts to collect baseline and benchmark data on credit unions using the ACET maturity assessment have not been used in an enforcement capacity. In the event that a safety or soundness issue is identified, examiners are trained to stop the maturity assessment and then proceed with the associated examination procedures for the Gramm-Leach-Bliley Act that are incorporated into Part 748 of the NCUA’s regulations.
Information Security Examination Program
In the spirit of examination harmonization, the NCUA is in the process of updating our cybersecurity examination capabilities by leveraging the Information Technology Risk Examination (InTREx) solution utilized by the Federal Deposit Insurance Corporation, the Federal Reserve System, and the State Liaison Committee members of the Federal Financial Institutions Examination Council.8
Similar to the tailored work required on the FFIEC’s Cybersecurity Assessment Tool, the NCUA is ensuring that our smallest institutions can have their cybersecurity posture examined without undue burden given their respective size and complexities. The InTREx solution is structured in accordance with the Uniform Rating System for Information Technology (URSIT), which focuses on a core module for audit, management, development and acquisition, and support and delivery. It also contains an escalated expanded module that has additional considerations.
The NCUA’s new examination procedures described in Part 748 will be housed in our new Modern Examination and Risk Identification Tool (MERIT), which is being piloted through 2020 with full implementation scheduled for 2021.9 The first phase of the InTREx pilot will focus on statements and questions, examination procedures, and associated job aids. The second phase will be the execution within MERIT.
Future discovery activities are also underway for the full adoption of the URSIT to ensure consistency within our cybersecurity risk ratings and appropriate weighting for IT and cybersecurity risk within the more traditional aspects of financial services.
Awareness, Training and Education Program
In accordance with the National Institute of Standards and Technology (NIST) National Initiative for Cybersecurity Education (NICE) Framework, we are enhancing our training for the following examiner roles:10
- Entry-level financial examiners;
- Seasoned financial examiners;
- Subject matter examiners with additional responsibilities unique to IT and cybersecurity; and
- Specialist [Information System Officers] dedicated to IT and cybersecurity.
The role-based training will emphasize the importance of critical security controls and IT service management and delivery, among other categories. The NCUA will focus on providing all agency examiners progressive training to ensure they have a common understanding of the importance of cybersecurity management, vulnerability assessments, and management specialty areas, with other specialty fields to follow.
Quality Assurance and Continual Service Improvement
To continuously review and evolve the cybersecurity examination programs effectiveness, the agency’s Office of Examination and Insurance reviews the final examinations of all of our largest consumer and corporate credit unions, as well as the annual sample set of consumer credit union examinations conducted by the NCUA’s regional staff. This provides a full lifecycle review on the program, analysis and help with the identification of trends. This process informs plans of action and milestones for improvements more broadly.
Going forward, the NCUA is strengthening our review process to map more specifically with a set of NIST Cybersecurity Framework Key Performance Indicators, Key Risk Indicators, and their associated metrics.
Risk/Threat Profile Management
The NCUA is enhancing the collection of information on cybersecurity threats and risks to ensure we obtain and analyze actionable data and collaborate with the credit union industry to the fullest extent possible. We are doing this by distilling trends and tactics used by hostile actors into generic root causes. These root causes are typically in the form of critical security controls and they allow us to begin identifying the critical security controls that contribute to an array of nefarious activities. We can then develop best practice resources credit unions can use to combat the threat of cyberattacks.
Rapid detection and response within a credit union’s incident management capabilities is an important root-cause security control. Part 748 of the NCUA’s regulations require credit unions to report catastrophic events, including cybersecurity incidents, to their respective NCUA Regional Offices. The NCUA analyzes these reports for follow-on actions and to identify trends.
To improve our data collection and analysis, we are also developing an incident management system in partnership with our Office of the Chief Information Officer’s Computer Security Incident Response Team.
Cybersecurity Exercise Management
The NCUA’s primary initiative resulting from our relationship with the Financial Services Sector Specific Agency, U.S. Department of Treasury, the Financial Services Information Sharing Analysis and Center, and the National Credit Union Information Sharing and Analysis Organization is the agency’s cybersecurity exercise management.
We consider our exercise program to be an extension of our awareness, training, and education program. Here, we focus on designing, developing, conducting, and evaluating exercises so the agency and the credit union industry can improve their resilience or the ability to prepare for, respond to, manage, and recover from adverse events as expeditiously as possible.
Special Projects and Initiatives
In support of the identified priorities and programmatic goals and objectives, the NCUA will engage in a variety of special projects and initiatives to promote cyber preparedness within the credit union industry further. Some primary special projects and initiatives include:
- Monthly cybersecurity articles;
- Hosting cybersecurity forums;
- Hosting a national tabletop exercise;
- Enhancing our cybersecurity resource website; and
- Participating in an array of credit union-sponsored speaking engagements, workshops, and other outreach activities
Recent NCUA Rulemakings
I believe that the NCUA Board is obligated to consider the compliance burdens and the costs our institutions shoulder on a day-to-day basis. As a result, we are reducing, streamlining, and eliminating outdated or overly burdensome regulations where possible, so credit unions can simultaneously stay competitive in the changing environment and continue to provide financial services to their members and communities. We continue to improve the regulatory environment for credit unions without sacrificing our safety and soundness mission.
In September, the NCUA Board issued a final rule to update, clarify, and simplify the federal credit union bylaws. This final rule reflects an extensive, collaborative effort with the credit union industry dating back to 2013.
The rule was designed to clarify and update the bylaws and to provide significant flexibility in governance, balanced by the consideration of member rights and engagement. Because credit unions are member-owned cooperatives, it is important for us to get the bylaws right. They set the basic qualifications for, among other things, membership, member meeting requirements, the processes credit unions have to follow to protect member voting rights and election procedures, how bylaws and charter amendments may be adopted, and field-of-membership requirements.
One of the more significant changes we made to modernize the bylaws was to permit federal credit unions to conduct hybrid annual and special meetings. This change will be especially beneficial to federal credit unions that serve active-duty members of the armed forces who are serving our country throughout the world and who may be unable to participate in credit union meetings without virtual access. Allowing members to participate virtually, in addition to in-person meetings, has the potential to expand member engagement greatly.
We also wanted to support federal credit unions in their succession planning efforts. Credit union boards of directors are almost entirely composed of volunteers who are elected to these positions by their fellow credit union members. Succession planning in this context is extremely important, especially for smaller credit unions. To help federal credit unions maintain leadership continuity and create a pipeline of knowledge among their members, the final rule clarified that a federal credit union may establish associate director positions. These positions provide people with an opportunity to gain exposure to board meetings and discussions without formal director responsibilities. This is an important way for credit unions to increase their pool of potential board members.
Finally, we clarified that notices for events, such as annual and special meetings and elections, could be combined with regular communications from federal credit unions to their members. For example, under the new bylaws, a credit union is permitted to send a notice about the nomination process along with monthly or quarterly statements in the same mailing.
Public Unit and Nonmember Shares
This year, the NCUA Board also finalized a rule that raised the threshold on the amount of public unit and nonmember shares a federally insured credit union can receive. The rule delivers on the goals of extending responsible regulatory relief and giving greater flexibility to eligible credit unions to determine the funding structure most appropriate to support their operations.
Public unit and nonmember shares are the functional equivalent of, and no more volatile than, borrowings and, therefore, warrant a higher level of authority than the previous regulation allowed. Setting a higher, but prudent, limit on the amount of public unit and nonmember shares eliminates the need for credit unions to seek a waiver of the limit, as they had to do under the prior rule. This will save credit unions and the NCUA’s regional offices valuable time and resources, and will eliminate onerous paperwork without sacrificing safety and soundness.
Most credit unions, however, will be constrained in the amount of leverage they can add to their balance sheets based on their respective levels of net worth. Many small credit unions have net worth levels high enough to take full advantage of this proposed new authority. So, while this final rule provides relief to all federally insured credit unions, it will likely benefit small and low-income-designated credit unions the most.
This final rule will provide individual credit unions with additional flexibility regarding funding options, but it will not materially increase the aggregate level of public unit and nonmember shares and borrowings the credit union system can collectively utilize. Federally insured credit unions currently have about $70 billion in outstanding public unit, nonmember shares, and borrowings, representing 4.5 percent of total assets.
In doing our research for the rule, we looked back on the overall trends for credit unions, and I’m pleased to say the industry has enjoyed solid share growth, a reflection of its financial strength and the high-quality service credit unions provide. Loan growth over the last several years has been very strong, also reflecting the value of credit unions to consumers, and has consistently outpaced share growth. However, this trend can create liquidity risk for some credit unions.
Our supervisory efforts will continue to keep a watchful eye on liquidity strength and include a more holistic view of credit unions’ funding strategies, and this includes those utilizing public unit and nonmember shares as part of the mix. The final rule updates the regulations to recognize the significant changes the credit union industry has undergone in the 31 years since the original limit was adopted, including credit unions’ growing need for diversified sources of funding to serve their members.
Commercial Real Estate Appraisals
As we continuously look for ways to rethink regulatory policies that could stand in the way of productive borrowing and lending to credit union members, particularly those in underserved areas — and this includes rural communities — I would like to bring to your attention a number of other rulemakings the agency has finalized this year to help credit unions serve their members better.
This past July, the NCUA Board approved a final rule to update the agency’s commercial real estate appraisal standards for credit unions, raising the commercial real estate threshold from $250,000 to $1 million. This rulemaking also amended the agency’s regulations to formally include the rural exemption for residential appraisals provided by the Economic Growth, Regulatory Relief, and Consumer Protection Act, or S.2155.
This particular regulatory relief matters to our communities right now. There are areas in the country that experience a scarcity of certified property appraisers. For example, some communities in the rural Midwest do not have a sufficient number of appraisers, which means the process of getting a loan to buy commercial property can get extended many weeks to enable time for a certified appraiser from another region to travel to the borrower’s location and provide the necessary physical inspection and estimate of the property’s value. This delay can mean significant cost, which has a material adverse impact on lenders and borrowers alike.
The agency conducted comparative analysis and due diligence to determine if raising the appraisal threshold would represent an undue risk to credit union lenders and the Share Insurance Fund. Importantly, we concluded that establishing a new threshold at $1 million does not. I want to be clear on this point. I would not move forward with a regulation that didn’t adequately address safety and soundness. In addition, this only applies to real estate transactions, not to loans for other types of business assets.
Commercial lending represents a relatively small proportion of credit union assets, so these loans are not likely to be a source of undue risk to the Share Insurance Fund. Moreover, credit unions will still be responsible for adhering to the appropriate risk-management practices for underwriting commercial real estate loans, including use of written estimates of market value conducted by a qualified person independent of the transaction, such as a licensed appraiser. That is a critically important part of keeping faith with the borrowers, members, and the communities these institutions serve.
We took great care to listen to both the supporters of raising the appraisal threshold and to its critics. We considered their perspectives and weighed their concerns carefully in crafting this rule. I am confident that the final regulation is prudent and that it will facilitate lending while ensuring the safety and soundness of the financial institutions under our watch. At the same time, we instituted a number of additional safeguards to mitigate any concerns about the increased risk in these transactions. The higher appraisal threshold will be met with enhanced standards for written estimates of market value containing sufficient information to support the credit decision. These assessments will be conducted by independent and qualified professionals. This rule also allows credit unions to catch up with banks, whose qualified business loan threshold for appraisals has been at $1 million since 1994.
And, just last month we issued a proposed rule, which is currently out for public comment, to raise our residential real estate appraisal threshold from $250,000 to $400,000. Consistent with safe and sound banking practices and with the requirement for other transactions that fall below applicable appraisal thresholds, the proposed rule would require credit unions to obtain a written estimate of market value of the real property collateral in lieu of an appraisal.
We recently strengthened the regulatory standards for written estimates of market value by codifying independence requirements for persons conducting this type of valuation, and these individuals must be qualified and experienced to conduct such valuations. Raising the residential real estate appraisal threshold would bring us into alignment with the banking regulators, who raised their threshold earlier this year.
Field of Membership
The agency revived its rulemaking in the field-of-membership area, work that dates back to 2015 and 2016. On October 24, 2019, the NCUA Board unanimously approved a proposed rule to better explain its decision to eliminate the core area requirement, emphasizing that such a decision would increase flexibility to applicants for community charters, and, thus, increase the likelihood of providing financial services for low- and moderate-income individuals. The Board also re-proposed the combined statistical area provision. With this proposed rule, the agency took a critical step in the NCUA’s ongoing work to allow credit unions to alleviate some of the difficulties low-income and underserved Americans face in accessing financial services.
Today, one of the many ways that credit unions fulfill their mission is by offering Payday Alternative Loans (PALs). While many credit unions offer some type of safer small-dollar loan product to their members, in 2010, the NCUA began authorizing a unique PALs program for federal credit unions. These loans have fewer fees and are offered at low rates capped at 28 percent, which is nothing close to the triple-digit rates charged by online and storefront payday lenders. Furthermore, as member-owned, not-for-profit financial cooperatives, credit unions play a key role in investing in their members’ financial futures. They provide access to financial education, the possibility of establishing savings, and other services to ensure their members are on a pathway to financial stability. In fact, more than 80 percent of federal credit unions offering PALs report payments to credit bureaus, a critical step towards borrowers building access to mainstream financial services and breaking the cycle of debt.
At the end of 2018, 502 federal credit unions reported that they made payday alternative loans during the year. These credit unions reported making 211,574 loans amounting to $145.2 million during the year. In comparison, in 2012, 476 federal credit unions reported that they made 115,809 loans amounting to $72.6 million.
Earlier this year, the NCUA Board expanded the PALs program to give federal credit unions additional flexibility to offer their members meaningful alternatives to traditional payday loans while maintaining many of the key structural safeguards of the original PALs program. Known as PALs II, this new option is not intended to replace the current PALs program. Rather, it will be another option, with different terms and conditions, for federal credit unions to offer PALs to their members. PALs II incorporates many of the structural features of the original PALs program designed to protect borrowers from predatory payday lending practices. Those features include a limitation on rollovers, a requirement that each PALs II loan must fully amortize over the life of the loan, and a limitation on the permissible fees that a federal credit union may charge a borrower related to a PALs II loan. A federal credit union would also have to structure each loan as closed-end consumer credit. New or modified features unique to PALs II loans include: loan amount, loan term, membership requirement, number of loans, and a restriction on overdraft fees.
The original PALs program requires a borrower to be a member of a federal credit union for at least one month before the credit union can make a PALs loan to that borrower. The PALs II program does not have this minimum membership requirement. The purpose of this change was to allow a federal credit union to make a PALs II loan to any member borrower who needs access to funds immediately and would otherwise turn to a payday lender to meet that need. This is a better alternative than having those borrowers take out predatory payday loans and wait for 30 days before rolling that predatory payday loan over into a PALs II loan, or worse, never applying for a PALs II loan. However, credit unions will be free to require a minimum length of membership for their PALs II loans if they so choose.
In contrast to the original PALs program, there is no minimum loan amount under the PALs II program, because it may not be prudent for a federal credit union to require a member to borrow more than necessary to meet their demand for funds. Establishing a minimum PALs II loan amount could require a borrower to carry a larger balance and incur additional interest charges when a smaller PALs II loan would satisfy that borrower’s need for funds without the additional interest charges. The $2,000 maximum loan amount for PALs II loans is double the amount allowed under the original program and is designed to give a federal credit union the opportunity to meet increased demand for higher loan amounts from payday loan borrowers. It also provides some borrowers with an opportunity to consolidate multiple payday loans into one PALs II loan and a means for creating a pathway to mainstream financial products and services offered by credit unions.
While the original PALs program limited loan maturities to a minimum of one month and a maximum of six months, the PALs II program allows a federal credit union to make a loan with a minimum maturity of one month and a maximum maturity of 12 months. The longer loan term will allow a federal credit union making a PALs II loan to establish a repayment schedule that is affordable for the borrower while still fully amortizing the loan.
PALs II is a reflection of our experience overseeing the original PALs program and of working with consumer-focused organizations to craft financial solutions that make a difference to millions of Americans with low to moderate incomes. PALs is a program of prudent lending that directly helps households who have to date been relegated to the high interest rate, subprime payday lending industry. The NCUA is committed to building on our experience in this area and adjusting this program in a way that helps credit unions maximize sustainable and affordable service to their members.
Diversity and Inclusion
I have described financial inclusion as the civil rights issue of our era. By “inclusion,” I mean not only broader access to affordable financial services, but also to employment and business opportunities. Our country is going through a period of profound demographic change, and our financial system should be leading efforts to respond to that change. Credit unions are growing stronger, and they serve their members and communities better when they promote greater diversity, equity, and inclusion as part of their business model. The NCUA complies with every component of Section 342 of the Dodd-Frank Wall Street Reform and Consumer Protection Act.
With respect to diversity within credit unions, the NCUA issues an annual voluntary self-assessment for credit unions to assess diversity and inclusion within their organizations. As the regulator, we model for the industry that diversity, equity, and inclusion are strategic imperatives. All three of the agency’s board members continuously promote the value of these principles within the industry. We were the first among the financial regulators to issue the self-assessment tool. We are currently in our fourth year of collecting submissions from the industry. We strongly encourage credit unions to assess their diversity and inclusion policies and practices through the NCUA’s Credit Union Diversity Self-Assessment. For example, we recently hosted an industry-specific diversity, equity, and inclusion summit to provide best practices and promote the value of diversity to the industry. We have committed to hosting such an event annually in different locations to promote greater opportunities for stakeholder participation.
The agency already provides guidance to the industry on supplier diversity and we will be issuing a guide on boardroom diversity. As Chairman of the Board, I have sent letters to all federally insured credit union CEOs expressing the NCUA’s commitment to diversity, equity and inclusion and asking for their participation in the credit union diversity self-assessment. Similar communications have also been sent to all credit union leagues, asking them to encourage their members to submit the self-assessment.
The agency has taken the position of going beyond just assessing and setting standards for the industry. We are actively promoting the principles of diversity, equity, and inclusion, including providing guidance and sharing best practices.
In terms of supplier diversity, the NCUA has integrated supplier diversity principles into our own procurement process. As a result, we have grown from 6 percent in awarded contract dollars to minority- and women-owned businesses in 2010 to 45 percent in 2018.
With respect to workforce diversity and inclusion at the NCUA, we have a robust and comprehensive program that has allowed the agency to make improvements in the demographics of our entire workforce, including at the senior leadership level. As of the pay period ending on March 16, 2019, the NCUA workforce composition was as follows:
- The total NCUA workforce count was 1,120.
- Males made up 631, or 56.3 percent, of the total NCUA workforce.
- Females made up 489, or 43.7, percent of the total NCUA workforce.
- Minorities made up 333, or 29.7, percent of the total NCUA workforce.
- The NCUA senior leadership team was 46 percent female.
- The NCUA senior leadership team was 22 percent minority.
Our assessment of our diversity and inclusion initiatives is an ongoing process and one we continually seek to develop and improve.
Second Chance Initiative
Another initiative the Board undertook in the diversity, equity, and inclusion space earlier this year, and one which I consider to be one of our most important Board actions, involves extending “second chance” opportunities to job applicants with old criminal records for minor, non-violent offenses. It is hard to estimate accurately the number of Americans with criminal records, but one commonly cited number is 70 million. A great many of these Americans face barriers to hiring that leave them unemployed or underemployed. Fortunately, policymakers and corporate leaders have begun to rethink these punitive hiring practices and the financial services industry can and should play a leading role in welcoming these individuals back into the mainstream of American life.
The NCUA Board is making a concerted effort to provide second chances where we can.
Since I became Chairman, we approved an employment waiver for a woman who has a criminal record. But, she paid her debt to society, rehabilitated herself, and has no further history of criminal behavior. A drug addiction from nearly 25 years ago will not hold her back from working for a federally insured credit union.
On a broader policy level, the Board recently updated the agency’s Interpretive Ruling and Policy Statement regarding statutory prohibitions on persons who have been convicted of any criminal offense involving dishonesty or breach of trust or who have entered into pretrial diversion or similar programs in connection with a prosecution for such offenses. Previously, such a person could not participate in the affairs of an insured credit union except with the prior written consent of the Board. By amending our guidance, we are reducing the scope and number of offenses that would require an application to the Board. Specifically, credit unions would not have to get prior Board approval to hire someone who, as a young adult, committed such violations as small- dollar theft, false identification, simple drug possession, and other isolated minor offenses.
My primary responsibility is the industry’s safety and soundness. But, where appropriate, I want to encourage the financial services industry to take reform-minded steps that better meet the needs of the communities and citizens we serve.
Minority Depository Institutions
Another initiative we have developed to make it easier for credit unions to serve members of modest means and those in underserved areas is our minority depository institution (MDI) preservation program, through which we provide technical assistance, training, and mentoring opportunities to help MDI credit unions help their members.
Credit unions are by design different from other financial institutions. They are member-owned-and-controlled, not-for-profit, cooperative entities. Their boards of directors are made up of volunteers. Their central mission is to give groups of people access to affordable financial services and the ability to participate in their institutions’ management.
MDI credit unions, more particularly, serve the financial needs of racial minorities because such populations traditionally have been underserved by the financial system. A credit union’s designation as an MDI is defined by the minority composition of its current and potential membership and the minority composition of its board of director, consistent with the definition set forth in Section 308 of The Financial Institutions Reform, Recovery, and Enforcement Act of 1989.
The NCUA understands the significant value these credit unions represent to their members and communities, and recognizes the challenges they face. There are many benefits to having a diverse and inclusive financial services sector. It makes sense to have board members, managers, senior leaders, and employees reflect the community a financial institution serves. Diversity leads to better service, greater innovation, improved solutions and a larger customer or membership base. This is why the NCUA is committed to supporting MDIs and the communities they serve.
As of June 30, 2019, there are 526 federally insured credit unions designated as MDIs. Collectively, MDI credit unions serve 3.9 million members, manage $39.6 billion in assets, hold aggregate deposits of $34 billion, and own $27.5 billion in loans.
Earlier this year, the NCUA created a new pilot mentoring program for small low-income credit unions that are also designated as MDIs. I’m delighted we could help these small credit unions establish relationships with larger institutions to help them grow and thrive.
Diversity, Equity, and Inclusion Summit
Last month, the NCUA hosted its first Credit Union Diversity, Equity, and Inclusion Summit, bringing together industry leaders, regulators, and policy experts for a daylong series of conversations focused on what the credit union industry can do to better advance our commitment to a financial system that works for everyone. For too long, too many people have been overlooked or locked out of the financial mainstream. We know that the lack of access to affordable financial services holds working families back from taking that next step up the financial ladder. We need to remove the obstacles to financial security these Americans are facing.
Guidance on Serving Legal Hemp Businesses
One area I want to highlight, because of recent Congressional action in this space and ongoing Congressional interest, is the legalization of hemp as part of the Agricultural Improvement Act of 2018. Since the enactment of the law, we have been proactive in making sure that credit unions are aware that the law removed hemp from the Controlled Substances Act and the framework Congress has created for the U.S. Department of Agriculture (USDA) to regulate domestic hemp production.
We expect to continue updating the credit union community now that the USDA has published its interim final rule. We have received interest from credit unions eager to know the rules of the road for serving hemp-related businesses in their communities, and we want to make sure those credit unions have what they need to make informed decisions in this area.
Some credit unions have lawfully operating hemp businesses within their fields of membership. Businesses dealing with hemp and hemp-derived products include manufacturing, distribution, shipping, and retail companies, among others. With the recent changes in federal law, more hemp-related businesses may be founded, and existing ones expanded. Growth in hemp-related commerce could provide new economic opportunities for some communities and will create a need for such businesses to be able to access capital and financial services. In turn, we continue to advise credit unions that they must be aware of the federal, state, and Indian tribal laws and regulations that apply to any hemp-related businesses they serve, and they need to understand the complexities and risks involved. We are advising credit unions that they must continue to have Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) compliance programs commensurate with the level of risk and complexity involved in the services and accounts they offer.
Many credit unions have a long and successful history of providing services to the agriculture sector. Hemp provides new opportunities for agricultural communities. The NCUA is encouraging credit unions to thoughtfully consider whether they are able to safely and properly serve lawfully operating hemp-related businesses within their fields of membership, and we stand ready to work with them.
Merger and Acquisition Activity
The declining number of federally insured credit unions reflects a long-term trend of consolidation within the financial services industry overall. The vast majority of credit union merger activity is voluntary, with credit unions citing economies of scale, the ability to offer relevant online banking services, and succession planning as the top reasons for mergers. However, each year, a relatively small number of institutions are merged or acquired at a cost to the Share Insurance Fund. Seven federally insured credit unions that were merged or acquired in 2018 required assistance from the Share Insurance Fund.
Bank Secrecy Act/Anti-Money Laundering
NCUA conducts a BSA/AML review during every examination and takes appropriate action when necessary to ensure our regulated financial institutions meet their obligations under applicable BSA/AML regulations.
The NCUA continues to partner with fellow federal financial regulators, Treasury, and the Financial Crimes Enforcement Network (FinCEN), to improve transparency, efficiency and effectiveness of the BSA/AML regime in the United States. This partnership includes outreach to all industry stakeholders and continued work streams by agency staff, along with our partners at the other federal financial regulatory agencies and Treasury, to continue improving transparency, clarity, and effectiveness while seeking ways to reduce burden and increase efficiency.
In October 2018, the NCUA joined other federal agencies in issuing a joint statement addressing improved efficiency through shared resources and collaborative relationships. The statement outlines ways in which institutions with limited BSA risk can share resources with other similar institutions, thereby lowering costs while in many cases improving effectiveness and efficiency. It addresses instances in which these institutions might decide to enter into collaborative arrangements to share resources to manage their BSA/AML obligations more efficiently and effectively. The costs of meeting BSA/AML requirements and effectively managing the risk that illicit finance poses to the broader U.S. financial system may be reduced through sharing employees or other resources in a collaborative arrangement with one or more other credit unions or banks. These arrangements may also provide access to specialized expertise that individual institutions may otherwise be challenged to acquire without the collaboration. This may benefit some credit unions, especially smaller institutions that may find hiring or retaining staff with the necessary knowledge a challenge.
In July of this year, the agencies issued a joint statement clarifying the consistent risk-focused approach used by the federal financial regulators, including the NCUA, during examinations. The statement helps regulated financial institutions better understand what they can expect during a BSA/AML examination as well as clarifying that the agencies tailor each examination to the unique characteristics and risk indicators that exist at each institution. It outlines common practices for assessing an institution’s money laundering/terrorist financing risk profile, assisting examiners in scoping and planning the examination, and evaluating initially the adequacy of the BSA/AML compliance program. Using this approach, the agencies generally are able to allocate more resources to higher-risk areas and fewer resources to lower-risk areas when conducting BSA/AML examinations. This risk focus ensures meaningful examinations scaled up or down based on the risk presented by each unique institution.
The NCUA is also working closely with our partner agencies to revise and update the BSA/AML examination manual to clarify expectations for examiners. FFIEC agencies and Treasury are working diligently to ensure examiners appropriately apply a risk-focused examination consistently.
Finally, I meet monthly with my federal counterparts to closely monitor and provide direction to agency staff on priorities and initiatives designed to improve transparency, efficiency and, most importantly, the effectiveness of the BSA/AML regime in the United States.
Financial Technology Updates
While financial innovation holds promise, it is crucial that credit unions, consumers, and other stakeholders understand and mitigate associated risks. The NCUA’s goal is to balance maintaining the safety and soundness of credit unions without stifling their use of innovative technology and related vendors. Credit unions need to embrace financial technology while also clearly understanding and managing any risks they may incur.
My top priorities with respect to fintech include outreach and education. The NCUA’s Fintech Working Group is looking at ways federally insured credit unions can adopt and embrace fintech so they can compete in the changing financial services industry effectively. The agency will continue to solicit industry feedback about the competitive issues credit unions face, and the industry is collaborating with marketplace lenders and other fintech companies.
The NCUA will continue to promote technical assistance programs that low-income credit unions can use to support the acquisition and development of fintech-related digital services. I am also interested in exploring opportunities to partner with academic institutions to continue to research and monitor financial technology—such as online lenders, machine learning, artificial intelligence, and payment systems—to identify the benefits to consumers, especially those that are underserved and how fintech may affect credit unions.
The NCUA is actively coordinating on fintech issues with the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, and the Consumer Financial Protection Bureau. The agency will continue to participate in interagency working groups and discussion forums, and any other opportunities for coordination.
Thank you for the opportunity to provide an update on the strong state of the credit union industry and to highlight NCUA’s latest initiatives. I look forward to your questions.
1 See NCUA Mission and Vision, https://www.ncua.gov/about-ncua/mission-values.
2 NCUA calculations using the Federal Reserve’s Survey of Consumer Finances, 2016.
3 Based on September 30, 2019, Call Report Data.
4 Serving the Underserved, National Credit Union Administration, https://www.ncua.gov/support-services/credit-union-resources-expansion/field-membership-expansion/serving-underserved. The Federal Credit Union Act, the statute governing this agency and federally insured credit unions, specifies that this national system is intended to meet “the credit and savings needs of consumers, especially persons of modest means.” Credit Union Membership Access Act, Pub. L. No. 105-219, § 2(4), 112 Stat. 913, 914 (1998).
5 See NCUA’s 2018–2022 Strategic Plan, https://www.ncua.gov/files/agenda-items/AG20180125Item3b.pdf (opens new window).
6 FFIEC Cybersecurity Assessment Tool, https://www.ffiec.gov/pdf/cybersecurity/FFIEC_CAT_May_2017.pdf (opens new window)
7 Scheduled examinations and contacts are not done for all credit unions every year. Therefore, each year’s demographic focus also includes any institution of the previous demographic that did not have a maturity assessment conducted (for example, in 2019, institutions of $1 billion or more in assets scheduled for examinations that were not conducted in 2018 will be subject to an ACET maturity assessment.
8 See InTREx, https://www.fdic.gov/news/news/financial/2016/fil16043.html (opens new window)
9 See MERIT, https://www.ncua.gov/regulation-supervision/examination-modernization-initiatives/enterprise-solution-modernization-program/ncua-connect-merit
10 See NICE Framework, https://www.nist.gov/itl/applied-cybersecurity/nice/nice-cybersecurity-workforce-framework-resource-center (opens new window).