Compliance Update with Amy K

​Reminder: HMDA thresholds changed January 1 – be sure you are collecting required data. Plus, preventing fraud is a supervisory priority – is your credit union using internal controls? 

​by Amy Kleinschmit, Chief Compliance Officer 
​
HMDA
As a reminder, HMDA thresholds changed as of January 1, 2022. In addition to the asset threshold change, which occurs every year, the threshold for open-end loans decreased from 500 to 200. Be sure you are collecting data if required under the Home Mortgage Disclosure Act (HMDA) as implemented under Regulation C.

If you are a visual person and like flow charts, here is the HMDA Institutional Coverage chart, effective January 1, 2022 and the Transactional Coverage Chart, effective January 1, 2022.

Regulation C requires you to collect HMDA data associated with mortgage loan applications processed during 2022 if:

• Your credit union’s total assets as of December 31, 2021, exceeded $50 million;
• Your credit union had a home or branch office in a Metropolitan Statistical Area on December 31, 2021;
• Your credit union originated at least one home purchase loan (other than temporary financing such as a construction loan) or refinanced a home purchase loan, secured by a first lien on a one-to-four unit dwelling during 2021; and
• Your credit union originated at least 100 covered closed-end mortgage loans in each of the two preceding calendar years (2020 and 2021) or at least 200 covered open-end lines of credit in each of the two preceding calendar years (2020 and 2021).

If your credit union meets all four criteria, you must collect HMDA data during calendar year 2022 and submit the data to the Consumer Financial Protection Bureau no later than March 1, 2023. Here is the CFPB’s reference chart for HMDA Data Collected in 2022.
 
NCUA – Capital Adequacy Framework Webinar
The National Credit Union Administration (NCUA) is hosting a free webinar regarding recent changes the NCUA made to its capital adequacy framework.

This webinar will be Wednesday, February 23 and registration can be found here.

Staff from the NCUA’s Office of Examination and Insurance will focus on the overall capital adequacy framework for all federally insured credit unions, including the final RBC and CCULR rules that were effective earlier this year for complex credit unions. Review of the new RBC and CCULR call report forms will be covered in detail.
 
Preventing Credit Union Fraud – Supervisory Priority
As previously discussed, the NCUA issued its Supervisory Priorities for 2022, which can be found here. As noted in this Letter to Credit Unions, “The offsite posture of many credit unions over the last two years has increased the potential fraud risks. The NCUA will review credit union efforts to deter and detect fraud, including internal controls and separation of duties. Transaction testing will be part of the examination procedures.”

Internal controls and fraud prevention are important for the credit union’s safety and soundness. Credit union need to have a system of internal controls and take steps to prevent and detect fraud. Internal controls include, but are not limited to, dual controls, computer access controls, member-account verification, surprise cash counts, timely recordkeeping, limiting employee access to their own accounts and family member accounts, annual audits, and audit and account verifications.

The National Credit Union Administration (NCUA) has a telephone line established solely for the reporting of suspicious or illegal activity committed by credit union employees, members, or officials in federally insured credit unions.  Toll-free anywhere in the United States 800.827.9650.

Alternatively, this NCUA Form may be completed to also identify fraud concerns.

Credit union are encouraged to post the NCUA Fraud Hotline in the credit union breakroom and share it with all staff AND volunteers.

Callers can remain anonymous, however, enough information must be given so that the problem, the individual(s) and credit union involved can be identified. In some cases, failure to identify yourself may make the report difficult to investigate. All reports are kept confidential.

When you contact the NCUA Fraud Hotline, a report is completed by the Office of General Counsel based on the information provided and forwarded immediately to the appropriate regional office. An investigation or inquiry into the allegations is conducted. In the event information provided to the hotline results in a finding of fraudulent or improper conduct, NCUA will take the necessary corrective action.

The NCUA encourages anyone that suspects or is aware of insider fraud at a federally insured credit union to report the information as soon as possible. Swift reporting minimizes risks, exposures, and losses, while supporting appropriate supervisory or administrative action against those that commit fraud or misuse their position.
​
The NCUA has a number of fraud prevention resources, which are discussed here. The NCUA Examiner’s Guide can also be a useful tool.

As discussed by the NCUA, “Credit unions can deter the potential for fraud by establishing strong, impenetrable internal controls, reviewing those controls periodically, and enforcing those controls consistently. Though the type of internal controls that are needed will vary based on the products and services a credit union offers, the board of directors and senior management of every credit union should design and adopt policies that will deter fraudulent employee activity.”

In addition to strong internal controls, other actions that a credit union can take to deter fraud include:

• Requiring employees to sign a Fraud Policy annually. This policy should address whistle-blowing procedures, mandatory and sequential vacation days, employee conduct, and actions a credit union will take if fraud is discovered.

• Conducting ongoing fraud awareness training.
• Requiring mandatory vacations and having another employee perform the vacationing employee’s duties.
• Monitoring employees, including lifestyle and behavioral changes.
• Background Checks - A credit union should check the background of all new hires, board members, and supervisory committee members, and update the information periodically.

An active supervisory committee can help detect and deter fraud and insider abuse. NCUA rules and regulations provide that “the supervisory committee is responsible for ensuring that the board of directors and management of the credit union meet required financial reporting objectives and establish practices and procedures sufficient to safeguard members' assets.” In other words, the Supervisory committee must ensure that the board of directors is safeguarding assets, and that management complies with their policies and plans. The Supervisory Committee must operate independently from management or staff. 

The Supervisory Committee should serve staggered terms, similar to the board of directors. The full turnover of a committee on an annual basis undermines the Supervisory Committee’s power and impairs the governance of the credit union.  

In addition to the threat of internal fraud, credit unions also face the threat of fraud from an external source. External fraud includes consumer fraud, cyber fraud, and fraud through third-party relationships or vendors. Education, training, and policy/procedures are key to mitigating the threat of fraud.

NCUA has a fraud webinar series available on demand that discusses deterring, preventing and detecting employee dishonesty, which can be found here.

As always, DakCU members may contact Amy Kleinschmit with any compliance related questions. 

---