Newsroom

The NCUA Board Thursday approved two final rules: one expanding the list of permissible activities and services for Credit Union Service Organizations (CUSOs) to originate any type of loan that a federal credit union (FCU) may originate and one to add an “S” component to the CAMEL rating system. The board also received a board briefing on cybersecurity threats and the NCUA’s information security examination and cybersecurity assessment program.

During the meeting, the Board also discussed a Letter to Credit Unions issued yesterday stating that the agency would allow low-income credit unions participating in the Treasury’s Emergency Capital Investment Program (ECIP) to receive 30-year subordinated debt investments. NAFCU will continue to advocate for reconsideration of existing maturity limits and suggest further modifications to the agency’s final subordinated debt rule.

Final Rule: Permissible activities and services for CUSOs

In a 2-1 vote, the board approved the final rule expanding the list of permissible activities and services for CUSOs to originate any type of loan that a FCU may originate and grants the NCUA with additional flexibility to approve permissible activities and services outside of the notice and comment rulemaking process. The Board notes that this final rule enables FCUs to compete effectively in the marketplace and several factors mitigate risks to the National Credit Union Share Insurance Fund (NCUSIF).

NAFCU previously supported this proposal to allow credit unions to better compete in the digital lending marketplace but did not support the NCUA circumventing the notice and comment rulemaking process to permit additional CUSO activities. The association has made additional recommendations and appreciates the Board’s openness to considering the ability of CUSOs to aggregate and securitize credit union loans and to permit credit unions to invest directly in fintech companies.

Final Rule: CAMELS Rating System

In a unanimous vote, the board approved a final rule that would add an “S” component, which rates a credit union’s sensitivity to market risk, to the CAMEL rating system, and redefines the “L” or liquidity risk component. The final rule will enhance examination consistency between credit union regulators at both the federal and state level and will improve the NCUA’s monitoring of interest rate and liquidity risk and will lead to better allocation of resources. During the first quarter of 2022, the NCUA stated it will conduct outreach and training, and credit unions do not have to take any action before the effective date.

NAFCU has previously supported the addition of the “S” component but also urged the NCUA to provide detailed examination guidance and focus on ensuring examination consistency in its application of the CAMELS rating system.

Board briefing: Cybersecurity

During the board briefing, agency staff briefed the Board on cybersecurity threats, the NCUA’s information security examination and cybersecurity assessment program, guidance and risk alerts, the NCUA’s resources, and industry outreach efforts.

In addition, staff highlighted risk trends in ransomware, supply chain attacks, and business email compromises. Of note, the NCUA is planning a final rollout of the InTREx-CU exam component in September 2022.

NAFCU appreciates the NCUA’s transparency in cybersecurity matters and urges the agency to ensure examination consistency.

Stay tuned to NAFCU Today for the latest on the NCUA.