2014 Exam priorities - Utah's Credit Unions
advertisement
Elizabeth A. Whitehead NCUA Region V Director NCUA UPDATE Utah’s Credit Unions Chairman/CEO and Volunteer Conference October 10, 2014 Agenda 1. National Trends 2. Examination Modernization 3. 2014 Exam Priorities 2 Credit Union Industry’s Trends Positive Trends in U.S. Credit Unions 2010 – 2014 2nd-Quarter 2014 Year-End 2011 Year-End 2012 Year-End 2013RD 0.67 % 0.85% 0.78% 0.81 % Net Worth 10.21 % 10.43 % 10.77 % 10.77 % Loan Growth +1.2 % + 4.6 % + 7.97 % + 8.91 % Loan Delinquencies 1.60 % 1.16% 1.01 % 0.85% Net Charge-offs 0.91 % 0.73 % 0.57 % 0.49 % Membership Growth + 1.5% + 2.2 % + 2.56 % + 3.63 % Return on Assets Risks on the Horizon Year-End 2009 Year-End 2010 3 Qtr. 2012 3 Utah Credit Unions’ Performance Trends in Utah Credit Unions Compared to U.S. Credit Unions 2nd-Qtr. 2014 RD U.S. Credit Unions 1.45 % 1.36 % 0.81% 9.4 % 10.27 % 10.40 % 10.77 % - 3.5% +3.9 % +8.54 % + 12.58 % + 8.91 % Delinquencies 2.37 % 1.47 % 1.24 % 0.72 % 0.85 % Net Charge-offs 1.53 % 1.06 % 0.55 % 0.43 % 0.49% Membership +0.2 % + 4.4% + 4.26 % + 6.37 % + 3.63 % Year-End 2011 Year-End 2012 Year-End 2013 0.56 % 1.20 % Net Worth 8.8 % Loan Growth Return on Assets Risks on the Horizon Year-End 2009 Year-End 2010 3 Qtr. 2012 Improving Credit Risk 2.0% Credit Risk Trends 1.8% 1.6% 1.4% 1.2% October 9, 2014 1.0% 0.8% 0.6% 0.4% 0.2% 0.0% Mar-14 2013 2012 2011 2010 2009 2008 2007 2006 Delinquency 2005 2004 2003 2002 2001 2000 1999 1998 1997 1996 1995 1994 1993 1992 1991 1990 PLLL Exp to Avg Assets Net Charge Offs 5 Problem Credit Unions Decreasing CAMEL 3, 4, and 5 Institutions 2,500 19 21 16 2,000 341 11 12 374 312 7 11 302 295 1,480 1,471 2013 Mar-14 348 243 1,500 1,000 1,818 1,526 1,648 1,726 1,563 500 0 2008 2009 2010 CAMEL 3 2011 CAMEL 4 2012 CAMEL 5 6 Decline in Number of Credit Unions Number of Institutions (by asset size) 12000 2002 2014 9686 10000 8000 7891 6491 6000 4245 4000 2000 1353 1460 372 568 0 < $50 $50-250 250 - $1B 70 218 >$1 B Total 7 Three Credit Union Profiles Total Assets: $1.01 Trillion Percent Units Percent Assets 90% $50M 80% 70% $250M 79% 65% 60% 50% 40% 4,245 30% 23% 20% 10% 15% 6% 1,460 12% 786 0% Small Mid Large 8 EXAM MODERNIZATION 9 Completed Initiatives • Restored annual exam cycle for federal credit unions and larger FISCUs • Established Office of National Examination and Supervision (ONES) – Corporate credit unions and NPCUs with more than $10 billion in assets • Developed National Supervision Policy Manual • Implemented Small Credit Union Exam Program 10 Completed Initiatives • Exam Modernization (LCU 13-CU-09) – Updated exam report cover letter – Separated DOR and Findings – Simplified Overview, DOR includes full discussion of material problems – DOR status report – Status update template – Removed informal discussion items – Controls over DORs (cessation, follow-up, communication with management) 11 Initiatives in Process • • • • Small credit union exam techniques Enhanced questionnaire workbook Update of Examiner’s Guide AIRES update • Loan, Investment, Shares and ALM Analytics • Value added analytics reports available to CUs • Better coordination in pre-exam process = less time onsite(?) 12 2014 EXAM PRIORITIES 13 New Requirements Key Risks • Participation loans • Interest Rate Risk • Liquidity • Cybersecurity • CUSO • Fraud • Mortgage rules 14 New Requirements New Rule Effective Date Participation Loans September 23, 2013 LCU 13-CU-07 Liquidity Funding March 31, 2014 LCU 13-CU-10 CUSOs June 30, 2014* LCU 13-CU-13 and LCU 14-CU-07 * Registry when active CFPB Mortgage Rules January 10, 2014 LCU 14-CU-01 Regulatory Alert 14-RA-01 15 Changing Credit Union Balance Sheets 700 2013: 53% of loans 600 Increasing concentration results in increased interest rate risk sensitivity and slower increases in yields 500 400 1992: 34% of loans 300 200 100 Car Loans Credit Cards Other 2013* 2012 2011 2010 2009 2008 2007 2006 2005 2004 2003 2002 2001 2000 1999 1998 1997 1996 1995 1994 1993 1992 Billions 20-Year Real Estate Loan Trends Real Estate 16 Changing Credit Union Balance Sheets 1,000 2013: volatile shares = 45% of shares 900 800 1990: volatile shares = 34% of shares 700 600 500 Increasing volatility and sensitivity from funding sources means costs will rise faster 400 300 200 100 Share Drafts Money Market Certificates 2012 2011 2010 2009 2008 2007 2006 Other 2013* Regular Shares 2005 2004 2003 2002 2001 2000 1999 1998 1997 1996 1995 1994 1993 - 1992 Billions 20-Year Share Trends 17 Interest Rate Risk • Sophisticated balance sheets demand sophisticated and robust analysis • Interest rate risk rule in place (Part §741.3(b)(5)(i) of NCUA Rules and Regulations) – Requires written IRR policy and effective risk management programs – Rule does not apply to credit unions with less than $50 million in assets – Excess risk will be addressed through supervisory action 18 Cybersecurity 5,000 4,500 4,000 3,500 3,000 2,500 2,000 1,500 1,000 500 0 Dec-2009 604 473 4,493 Dec-2010 593 478 4,465 Dec-2011 567 472 4,424 Dec-2012 545 276 4,557 45 40 35 30 25 20 15 10 5 0 Dec-2013 491 224 4,515 Millions Web Services in FICUs Informational Interactive Transactional Number of Members That Use 30,247,099 33,071,055 35,727,978 38,912,728 42,328,858 Transactional Website Nearly half of all FICU members use a transactional website Cybersecurity risk affects credit unions of all shapes and sizes 19 Cyber Security • Growing Risk Exposure – Size is not so important for criminals anymore – Inter-connectedness compounds risk • Some key fronts – Financial Risk – Loss of Assets – Account Takeovers • $136 cost per capita worldwide - $188 in U.S. (source Ponemon Institute 2013 Study) – Reputation/financial Risk – loss of personal data function (ID Theft) • Target - Profit down 46% sales fell 5.3% since breach. (CBSnews.com) – 860+ Million Records Stolen since 2005 (privacy rights.org) 20 Cyber Security Some Recent Examples • • • • • • Target Breach - 40 million + records Heartbleed – 2 year vulnerability in SSL Internet Explorer vulnerability – May 2014 AOL Breach – April 2014 Michaels – April 2014 - 8 million card numbers CU Corporate Acct takeover - $100k outgoing before Corporate CU stopped. • DDOS Attacks on FICUs in 2013 21 Cybersecurity Key Fronts • Financial risk (loss of assets, account takeovers) – $136 cost per capita worldwide – $188 cost per capita in U.S. • Reputation/financial risk (loss of personal data function, ID theft) – 860+ million records stolen since 2005 – Target Corporation’s profits fell 46%; sales fell 5.3% following data breach (CBSnews.com) 22 Cybersecurity Program Elements 1) Cyber risk management and oversight • Cyber governance, cyber risk management, resources, training and culture 2) Threat intelligence and collaboration • Intelligence gathering, monitoring and analyzing, information sharing 3) Cybersecurity controls • Preventative, detective, and corrective controls 4) External dependency management • Connections, relationships and responsibilities 5) Cyber incident management and resilience • Incident detection and response, mitigation, escalation and reporting, resilience 23 Recent Fraud Areas in Credit Unions Corporate Lending Accts. Change Fund Major Areas of Control Weaknesses Lending Lending Process – Employee with ability to create and disburse loan without review Improvement: • - Employee with no other lending ability use New Loan report to verify • - Remove create or disburse ability Major Areas of Control Weaknesses Change Fund Vault & Change Fund Account – Head Teller with access to general ledger and control over physical vault and change fund Improvement: Dual counting of vault with independent reconciliation of count to general ledger Major Areas of Control Weaknesses IT Controls IT Employees with unlimited restriction – Employee has unlimited access to data processing system with no oversight. Improvement: : Review of IT employee transactions by employee independent of IT access. Reality is that this is very difficult to control. Internal Control Realities Good policies don’t equate to good controls Management override trumps all good controls Collusion between employees beats all controls Very challenging to implement good controls in small CU Supervisory Committees provide little to no comfort Types of Fraud • Financial Statement Fraud • Misappropriation of Assets 29 Financial Statement Fraud • Mask delinquent loans (bumping due dates) • Defer Loan charge offs (rewrite bad loans) • Increase earnings for year end bonuses (usually ALLL account) • Increase asset size for CEO contract negotiations (share CD specials) • Hide incompetency 30 Misappropriation of Assets • Stealing “borrowing” cash from change fund or teller drawers • Fictitious loan and loan payments • Unrecorded share deposits • Loans to family and friends • Unrecorded non-member share deposits 31 Fraud Hot Spots • Poor accounting/internal controls or unreconciled accounts (corporate statement) • Fictitious and fraudulent loans • Dormant/inactive accounts • Un-cleared overdrafts • Unrecorded shares • No internal audit function 32 Internal Controls to Mitigate Losses • Adopting travel expense policies and controls • Implementing a whistleblower policy • Restricting access to CU’s GL and corporate accounts, staff and related-party accounts. • Segregating duties • Rotating employee duties • Fraud training with emphasis on fraud prevention • Conducting mandatory investigations of all out-ofbalances or shortages 33 Control Framework Tier 1 Governance • Board Policies • Budget and Plans • Reports/Reporting • Procedures Tier 2 • Segregation Management • Control Reports Tier 3 Supervisory Committee • Internal Audits • External Audit • Active Oversight Controls can vary with the complexity of the organization Small institutions often have limited segregation of duties 34 Contact NCUA National Credit Union Administration Region V – Tempe, AZ 602-302-6000 region5@ncua.gov 35
