In its ninth open meeting of the year, the National Credit Union Administration (NCUA) Board recently approved two items via a live webcast:
On top of these new final rules, the NCUA Board also received a semiannual briefing on popular cybersecurity risks threatening credit unions.
The NCUA Board collectively approved a final rule adding sensitivity to market risk (“S”) to the current CAMEL rating system. The intention behind adding the “S” component is to increase transparency and offer context for the NCUA and federally insured consumer and corporate credit unions to differentiate between liquidity risk “L” and sensitivity to market risk “S”. Adding the “S” component also creates cohesion between financial institutions supervised by other banking agencies.
The revised CAMELS rating system will go into effect on April 1, 2022, the final rule’s effective date.
In a 2-1 vote, the NCUA Board approved a final rule amending the NCUA’s CUSO regulation. The rule increases the number of permissible activities and services for CUSOs and gives the NCUA Board discretion to approve permissible activities outside of notice-and-comment rulemaking.
The list of preapproved activities and services within the CUSO rule has not been significantly updated since 2008, when it added two new categories of permissible CUSO activities: credit card loan origination and payroll processing services. The rule also created new examples of permissible CUSO activities and clarified that federal credit unions may invest in and loan to CUSOs that buy and sell participations of loans they are permitted to originate.
Under the new final rule, CUSOs are now “permitted to originate, purchase, sell, and hold any type of loan permissible for federal credit unions to originate, purchase, sell, and hold.” Therefore, CUSOs may originate general consumer loans, direct auto loans and unsecured loans and lines of credit. CUSOs can also purchase vehicle-secured retail installment sales contracts from auto dealers. This newfound flexibility will empower CUSOs to offer a wider selection of services for their customers while also reducing regulatory burdens of notice-and-comment rulemaking.
This final rule pertaining to CUSOs adopts the proposed rule from January’s Board meeting without significant changes and will go into effect 30 days after it is published in the Federal Register.
Rounding out the open meeting was a cybersecurity briefing from the NCUA’s Office of Examination and Insurance. The presentation’s agenda was broken out into five areas:
Attendees received an update on ongoing business email compromise complaints, ransomware cases, third-party vulnerabilities and the NCUA’s Automated Cybersecurity Evaluation Toolbox (ACET), a resource credit unions can leverage to determine potential cybersecurity risks. The resources presented to the board are accessible for credit unions here.
This publication is distributed for informational purposes only, with the understanding that Doeren Mayhew is not rendering legal, accounting, or other professional opinions on specific facts for matters, and, accordingly, assumes no liability whatsoever in connection with its use. Should the reader have any questions regarding any of the news articles, it is recommended that a Doeren Mayhew representative be contacted.
A quick registration is required to view our resources.
You will only be asked to do this one time (unless you don't save your browser cookies).