2023 Regulatory Hot Topics

It is always important to be on top of what the regulators will be focused on and know how credit unions can prepare for regulatory change. A review of NCUA’s supervisory priorities, enforcement trends, rulemaking agendas, speeches, blogs and more, has identified the following "hot button" regulatory issues for 2023. By understanding these issues credit unions can determine areas that might require strengthening before the next exam cycle.

Deposit Accounts: It is important to ensure that you are complying with state and federal laws in regard to deposit accounts, especially in regard to pandemic relief funds and garnishments. In 2022, CFPB examinations identified several financial institutions that caused people to lose their pandemic relief funds due to the mishandling of garnishments. It was determined that poor policies and procedures in relation to CARES Act protections were the issue as well as poor planning for when the CARES Act expired.  Be sure that you use ComplySight to familiarize yourself with regulations related to deposit accounts and that you have properly trained staff on policies and procedures.

Overdraft and NSF Fees: Have you reviewed your complaints lately?  It might be time to specifically look at complaints related to overdraft and NSF fees. Is the member expressing that your fees are surprising or confusing? Are your employees properly trained to answer questions and educate members on overdraft and NSF fees?  Make sure to review documentation to determine whether your overdraft and NSF language is easy to understand or if it needs to be refined. Also evaluate your complaint process to ensure that you are capturing the appropriate information regarding overdraft and NSF fees. Consider member contact to make sure you are getting the  reason for the complaint (failure to understand, thought that they had more money, angry because they have to pay a fee, mad because they received multiple fees, etc.) and make sure that your process has the appropriate follow-up and remediation steps in place, including the potential for updated policies and procedures. Use ComplySight’s Complaint Management System to collect and store this data.  

Credit Reporting: The Consumer Financial Protection Bureau (CFPB) states that credit reporting is the most common complaint that they receive. Congress is also asking questions about the credit reporting process. Even if your credit union is not regulated by the CFPB, any complaints received by them are forwarded to the National Credit Union Association (NCUA). Be sure to review your policies related to credit reporting on an annual basis. Use ComplySight to connect to CU Policy Pro as well as to review applicable regulations. Be sure that your staff has the appropriate training in regard to the Fair Credit Reporting Act and  procedures for handling member complaints in regard to credit reporting errors. You can use ComplySight’s Complaint Management System to track credit reporting errors and analyze the data to help determine if the credit union’s processes are working properly. 
Loan Originating and Servicing: With interest rates changing drastically and added economic pressure, credit union underwriting standards must be airtight. It is key to ensure that any changes to your loan program (i.e. changes to fee structure) have carried over to member disclosures and that those disclosures have been thoroughly reviewed. Be sure that you are paying attention to consumer protections for loan forbearance.

Lending Practices and Fair Lending: Credit unions should ensure that their fair lending risk assessment has been updated and that fair lending data is being analyzed. Data should be analyzed to help identify whether there are any fair lending concerns at your credit union, and if they are indicative of a problem that needs to be remediated. Be sure that you are prepared with a well-researched explanation to show regulators, the press, or public interest groups, when you find potential issues to show what you uncovered and how you took corrective action. This is also one of the best ways to protect your members and ensure compliance within your lending program.

BSA/AML/OFAC: Due to instability around the world, the volume of new sanctions/orders has increased. Meanwhile, regulators are targeting BSA officers and management with individual fines. While this topic surprisingly fell off the NCUA's radar in 2023, your credit union still needs to be prepared to implement changes to the beneficial ownership rules over the next few years. Additionally, NCUA is developing a fraud questionnaire that they will be using during examinations. Now is a good time to ensure that your customer identification process (CIP)and overall BSA Program is intact and able to evolve as requirements and expectations change.  

Third-Party Relationships: Regulators continue to focus on credit union relationships with vendors, service providers, and fintech partners. Remember, the credit union is responsible for these relationships and will be held accountable for any breaches of data or non-compliance with consumer protection laws by third parties. Vendor due diligence does not stop when the contract is signed.  Does your credit union’s vendor management program include ongoing review of these relationships?  It might be time to conduct an additional review of vendor partners’ policies to ensure they align with your credit union’s policies in these key areas. 

Cybersecurity: Data breaches and ransomware continue to be ongoing problems. The NCUA recently approved the final rule on notification requirements for cyber incidents. Examiners will continue to review to ensure that credit unions have incident response processes in place and that data back-up and recovery capabilities are intact.  Cybersecurity continues to evolve and so should credit union policies and procedures.

One of the best ways to deal with these hot button issues is with a strong compliance management program that includes ongoing risk assessment, a comprehensive audit system, ongoing vendor management, and effectively managing member complaints. As credit unions consider how to address regulatory hot buttons, it’s important to know that you are not alone!  CU Risk Intelligence has the products and services that you need to assess your current level of compliance and risk. We offer both self-assessment tools and full customizable independent compliance review services as well as a vendor management platform that includes assistance with vendor reviews. Contact us at Info@CURiskIntelligence.com to learn more about resources to help.