Letters focus on compliance risk, evaluation
April 9, 2017 -- A supervisory letter on evaluating compliance risk, with updated compliance risk indicators, has been posted on the NCUA website; the letter – addressed to all NCUA field staff -- was delivered to all federally insured credit unions via a “Letter to Credit Unions” from the agency late last month.
The letter to credit unions (LTCU 17-CU-02), titled “Risk-Focused Examinations and Compliance Risk,” explains that the supervisory guidance was developed to provide agency examiners with direction about the updated list of compliance risk indicators that are part of NCUA’s Risk-Focused Examination (RFE) Program. The updated list of indicators, the letter explains, does not impose any new or higher supervisory expectations for credit unions, and took effect March 31.
The letter notes that March 31 was also the effective date for the revised FFIEC Uniform Interagency Consumer Compliance Rating System, the principles of which, NCUA states, the agency has incorporated into the Compliance Risk Indicators. The agency noted in the letter that the supervisory evaluation of compliance is ordinarily conducted as part of NCUA’s risk-focused examinations of credit unions, not as a separate examination.
“The enclosed guidance will ensure NCUA examiners continue to take a consistent approach when evaluating a credit union’s ability to manage compliance risk,” wrote NCUA Acting Chairman J. Mark McWatters. “NCUA staff will also continue to consider such factors as the credit union’s size, complexity, and risk profile as part of their evaluation.”
The Supervisory Letter notes that the updated list of Compliance Risk Indicators that is outlined in the letter builds upon the current set of indicators and “provides additional guidance for field staff in assigning the compliance risk rating – one of the existing seven risk categories in the Risk-Focused Examination program,” the letter states. “The update reflects transformations in technology, business models, and members’ banking habits since the list of Compliance Risk Indicators were originally developed in 2002.”
The letter states that the update results “in a more comprehensive, integrated and transparent framework in evaluating a credit union’s ability to manage its risk of violations and non-compliance with applicable laws and regulations.”