Credit unions & regulatory compliance: Be ready to deal with these issues in 2023

What will regulators and examiners pay the most attention to in 2023? How can we prepare for regulatory change? We’ve answered four of the most common questions we’re hearing from credit unions.

What are the regulatory hot topics for 2023 and how can we prepare for them?

After analyzing supervisory priorities, enforcement trends, rulemaking agendas, speeches, blogs, and more, my team identified the following hot button regulatory issues for 2023 and what you need to be doing about them:

1. Deposit accounts: Compliance with state and federal law, especially in relation to pandemic relief funds and garnishments, is a hot issue. Train staff on policies and procedures.
2. Overdraft and NSF fees: Review your complaints and other feedback to assess whether your fees are surprising or confusing members. Put in the time to review your documentation to ask whether it’s clear and easy to understand or if it needs refining.
3. Credit reporting: Inaccurate credit report information is the most common complaint received by the Consumer Financial Protection Bureau (CFPB), and it’s taking notice. Update credit reporting policies and procedures to ensure accuracy, train staff, and test systems. Investigate and resolve member disputes promptly. Your credit union may not be regulated by the CFPB, but that doesn’t mean it’s not an issue. Those complaints are forwarded to the National Credit Union Administration (NCUA). Congress is also asking questions.
4. Loan origination and servicing: Drastic changes to interest rates and resulting economic pressures on credit unions means underwriting standards and processes must be airtight. Ensure changes to your loan program, such as fees, have carried over to member disclosures. Pay attention to consumer protections for loan forbearance.
5. Lending practices & fair lending: Update fair lending risk assessments and analyze fair lending data. If regulators, public interest groups, or the press suspect issues, you’ll want to have a well-researched explanation ready to show what you uncovered and how you corrected any problems promptly. Also, it’s the best way to protect your members from a potential weakness in your lending compliance program.
6. BSA/AML/OFAC: Instability worldwide has increased the volume of new sanctions/orders. Meanwhile, regulators are targeting BSA officers and management with individual fines. Even if this topic surprisingly fell off NCUA’s radar in 2023, your credit union needs to be prepared to implement changes to beneficial ownership rules over the next few years. In addition, your customer identification program should be able to withstand increased fraud. NCUA is developing a fraud questionnaire to be used during examinations.
7. Third-party relationships: Regulators continue to focus on relationships with vendors, service providers, and fintech partners, including those that help you offer Banking as a Service (BaaS). Be aware that your institution will be held accountable for breaches of data or non-compliance with consumer protection laws by third parties.
8. Cybersecurity: Data breaches and ransomware are ongoing problems. NCUA recently approved a final rule on cyber incidents and notification requirements. Examiners will continue looking for incident response processes and data backup and recovery capabilities.

The best way to address these eight issues is with a strong compliance management system. Update policies and procedures, train staff, and analyze data to identify any areas of concern. Stay up to date on rulemaking agendas and regulatory developments to ensure compliance and avoid penalties.

What’s the latest on 1071?

Section 1071 of the Dodd-Frank Act, also known as HMDA for small business or commercial HMDA, isn’t final yet. The Consumer Financial Protection Bureau (CFPB) has until March 31, 2023, to issue its final rule.

Although the CFPB’s rulemaking agenda for 2023 initially suggested an earlier release, the January final rule date has since passed. While we know the final rule will require small business lenders to collect data about applicants, we don’t have answers on key issues such as the data fields that will be necessary, the definition of a small business, who will be responsible for reporting data, and the implementation timeline.

Stay tuned for more information.

What should we do about overdraft and NSF fees?

The regulatory agencies are scrutinizing overdraft and NSF fees. The question: do they qualify as “unfair” under Unfair Deceptive and Abusive Acts & Practices (UDAAP). That means the stakes are higher.

Your institution may not need to abandon overdraft offerings, but it’s a good idea to avoid “authorized positive, settled negative” and to assess the reasons for some return check fees. Now is the time to risk assess your program to determine if your credit union’s practices or fees could be seen as unfair, if members can easily understand your policies and fees, if fees catch members off guard, and if the fee income justifies the risk?

After completing a risk assessment, adjust your program where needed. Your credit union’s overdraft programs should align with your risk tolerance.

Is fair lending still under scrutiny?

Fair lending is still of exceptional interest to regulators.

Actually, it’s more than fair lending. It’s a broad approach that considers fair and responsible banking. Regulators are applying UDAAP definitions to a wide range of products and services – not just loans – and warning of discrimination.

Regulators are also concerned about bias in artificial intelligence (AI). Algorithms only offer fair, unbiased responses when they are fed fair, unbiased data. If they are given information that knowingly or unknowingly reinforces discriminatory patterns, algorithms will discriminate. That makes it extremely important to know why algorithms make the decisions they make. Black box algorithms can lead to discrimination.

Appraisal bias is also drawing attention. Your credit union needs to update its fair lending risk assessments and analyze fair lending data to ensure risk is managed.

Don’t get caught up by known regulatory issues. Make sure your credit union is proactively managing its compliance risk.