Exam prep tips for credit unions in 2023

The National Credit Union Administration (NCUA) released its 2023 supervisory priorities, and if I had to summarize the key theme in two words it would be risk management. Being exam ready isn’t just about meeting compliance requirements. It’s also embracing a proactive approach to risk management by continually assessing and mitigating risk. 

Here are three areas to focus on.

1. Fraud prevention and identification  

You don’t need me to tell you that fraud is on the rise, but I can tell you that NCUA is taking a proactive approach to combatting fraud. It will be closely reviewing internal controls, including separation of duties, and will use a new questionnaire to identify red flags and potential fraud risks during exams.

Credit unions should prepare by reviewing and assessing their fraud controls for effectiveness and implementing any necessary adjustments. This includes taking a closer look at their effectiveness and determining if any adjustments or new controls need to be implemented.

With fraudsters constantly finding new ways to commit fraud, it is crucial for credit unions to stay vigilant and regularly assess their controls to minimize potential losses. This is not only good exam preparation, but also the best way to reduce fraud losses.

2. Information security and cybersecurity at credit unions 

The NCUA has introduced new Information Security Examination procedures for 2023. It’s placing a strong emphasis on the ability of credit unions to adapt and effectively combat emerging cyber threats.

One recommended resource for preparation is the use of the Automated Cybersecurity Evaluation Toolbox (ACET). It helps evaluate your cyber maturity so you can assess critical cyber controls and have a common language for discussing cybersecurity with examiners. Ongoing cybersecurity risk management is a must.

3. Consumer protection

Consumer protection, including overdraft programs, fair lending, the Truth in Lending Act (TILA), and the Fair Credit Reporting Act (FCRA), are a high priority for the NCUA.

Overdraft. Last year the NCUA requested information about overdraft programs. This year they’ll also examine website advertising, balance calculation methods, and settlement processes to ensure that credit unions are assessing the potential risk for consumer harm from unexpected overdraft fees – and taking action to remedy any issues.

To prepare, credit unions should conduct a risk assessment of their overdraft program.

Questions to ask include:

• How critical is income from overdraft fees to the credit union?
• Have you made changes to your overdraft program, and how and when did you communicate the changes to members in a “clear and conspicuous” way?
• Can members easily understand how and how often their limit will change or are they likely to encounter other fees?
• Do you charge members for re-presentment?
• Is member use of overdraft protection increasing?
• Are some members or groups of members paying disproportionate overdraft fees?

Asking questions like this as part of a risk assessment helps identify practices that aren’t member friendly. It also helps identify new controls or even new products and services that might help members better manage their money while developing alternative sources of fee income for the credit union.

Fair lending. The NCUA will closely scrutinize policies and practices related to steering and loan pricing discrimination. Additionally, they will focus on the potential for bias in residential real estate appraisals, examining consistency, fairness, and accuracy during tailored file reviews.

To prepare, credit unions should conduct a thorough analysis of their loan data to identify any disparities that may indicate discrimination or fair lending violations—and then take action to understand why they are happening and correct them. They should also review policies and practices to ensure they are up to date and effective and that staff complies with them.

Don’t be surprised by your own data. Don’t let your data be used against you. Proactively identifying and addressing potential issues with fair lending analytics helps mitigate the risk of being flagged during an examination. 

Truth in Lending Act (TILA). Credit unions that experienced significant growth in auto lending should expect examiners to look at compliance and disclosures.

To prepare, make sure your auto lending policies, procedures, and disclosures are accurate, up-to-date, and working effectively. Third-party vendor management is essential to ensuring any partners are also complying with TILA.

Fair Credit Reporting Act (FCRA). Credit reporting will be an exam priority, especially furnishing, adverse action notices, risk-based pricing, and consumer rights disclosures.

Prepare by reviewing your FCRA policies and procedures. Pay special attention to high-risk areas. If you find control weaknesses or discover employees aren’t following policies and procedures, take steps to remediate those issues.

Be ready for NCUA exams with good risk management. It’s the best way to ensure your members are part of a safe, sound credit union with strong consumer protections.