The Federal Credit Union May-June 2014 - (Page 38)

COMPLIANCE CENTRAL NCUA Supervisory Focus for 2014 - Risk Management and New Regulations By Brandy Bruyere I n January, the National Credit Union Administration (NCUA) released its Letter to Credit Unions 14-CU-02 on the agency's supervisory focus for 2014, which aims to assist credit unions in preparing for the year's exam process. NCUA will scrutinize credit unions' ability to identify and mitigate forward-looking risks in several key areas as well as assess credit unions' compliance with several new rules and regulations. NCUA also plans to reallocate resources to improve efficiency by revising the exam scope. Here is a breakdown of the supervisory focus by topic, along with items that should help in preparing for this year's exams. Risks on the Horizon Given that risk can threaten the viability of credit unions and solvency of the Share Insurance Fund, NCUA will evaluate credit unions' management of potential risk. NCUA identified several key areas of risk: interest rate risk, cybersecurity threats, money services businesses and private student lending. Interest Rate Risk (IRR) NCUA will assess credit unions' efforts to mitigate IRR because "interest rate risk is the most significant risk the industry faces right now," particularly given the current environment of rising rates. NCUA regulations require credit unions with assets of more than $50 million to have a written IRR policy and effective IRR program. A credit union's IRR program should identify, measure, monitor and control risk 38 Interest rate risk is the most significant risk the industry faces right now. - NCUA Letter to Credit Unions 14-CU-02 based on the credit union's operations, business complexity, risk exposure and size. The board of directors is responsible for ensuring the IRR policy is adequate, which includes a periodic review of the credit union's IRR exposure and compliance with the policy and risk limits. Cybersecurity Threats As credit unions continue to utilize technology to provide member services, risk exposure for a variety of cyberattacks increases. These threats have the potential to compromise member data, lead to identity theft and even crash financial systems. NCUA examiners will evaluate credit unions' ability to assess and mitigate their cybersecurity risk. Specifically, "Credit unions of all sizes will be expected to implement appropriate risk mitigation controls - including vendor due diligence, strong password processes, proper patch management and network monitoring - to better prevent, detect and recover from cyberattacks." Credit unions' security programs should address cybersecurity risk, including methods for safeguarding member information and response programs for unauthorized access to member information. Managing cybersecurity risk will also include monitoring Internet-based financial services for outages and providing sufficient protections such as firewalls and intrusion detection systems to these programs. Cybersecurity encompasses a broad array of risks and is an important part of a credit union's risk mitigation strategy. Money Services Businesses (MSBs) Credit unions that have relationships with MSBs must consider the risks involved with these relationships, particularly with regard to money laundering. NCUA examiners will review credit unions that work with MSBs for Bank Secrecy Act compliance. The Financial Crimes Enforcement Network (FinCEN) released guidance in 2005 that addresses providing services to MSBs. Private Student Lending (PSL) Credit unions currently hold about $2 billion in outstanding private student loans. THE FEDERAL CREDIT UNION MAY-JUNE 2014

Table of Contents for the Digital Edition of The Federal Credit Union May-June 2014

Voices & Opinions
Calendar of Events
From the Chair
Inside NAFCU
Business Talk
The Lending Landscape
The Social Life: A Social Media Roundtable
NAFCU's 2014 Annual Report
Getting to Know...
Management Insight
Compliance Central
Inside NAFCU Services
From the President's Desk

The Federal Credit Union May-June 2014