by. Henry Meier
The annual Kabuki Dance between regulators and the regulated, during which credit unions complained that they are being smothered to death by tone-deaf examiners and examiners complained that they are being vilified by credit unions for doing their job, kicked off on Friday with NCUA outlining its regulatory points of emphasis for the 2014 examination cycle.
I often think much of the posturing and angst is overblown but inevitable given the fact that no one likes to be told what to do and regulators have a tremendous amount of power, some of which will be used to excess or be put in the hands of examiners, a small percentage of whom are not competent to exercise it. That being said, given some of the issues highlighted by NCUA, this could be a particularly contentious year — especially for smaller credit unions. Two issues in particular exemplify why friction is inevitable between examiners and the examined: cyber security and qualified mortgages (QM).
Cyber security is the number two risk identified by NCUA right after interest rate risk. NCUA correctly notes that smaller institutions have been identified as “vulnerable entry points” for cyber terrorist to infiltrate larger networks. Against this backdrop, the NCUA informs us in bold that “credit unions of all sizes will be expected to implement appropriate risk mitigation controls.” We’ll have to keep a really close eye on how this point of emphasis is actually translated into examiner oversight.
On the one hand, NCUA is absolutely correct in suggesting that, for cyber security purposes, the distinction isn’t so much between big and smaller institutions as it is between vulnerable and not as vulnerable institutions. On the other hand, it will never be realistic to expect smaller institutions to dedicate the same resources to deterring cyber crime as JP Morgan, for example. After all, there are many credit unions for which even hiring an IT person is cost prohibitive.continue reading »