As Prepared for Delivery on November 13, 2019
Thank you very much for that kind introduction. It’s a pleasure to be here today to discuss some of the NCUA’s regulatory priorities and the state of the credit union industry.
What We’ve Done so Far
I took the helm at the NCUA seven months ago, and we’ve been extraordinarily busy over that time.
So I asked my team to look back and to give me a report on what we’d accomplished over the seven months.
They came back with an outstanding summary, and we all realized that we had a lot to be proud of in terms of how much we’d accomplished in such a short time.
For example, you all know that one of my top agenda items is regulatory reform. We’re examining our existing regulatory system to see where it can be made to work better so that we have a system that’s effective without being excessive.
On that front, in just the last seven months:
- We increased the threshold on appraisal requirements for commercial property from $250,000 to $1 million.
- We were the first federal banking regulator to issue interim guidance on doing business with the legal hemp industry, and with the interim final rule recently released by the USDA, more to come.
- We proposed a two-year delay of the implementation of the risk-based capital rule, which gives us time to work on improving it.
- We adopted the Payday Alternative Loans II rule, which responds to the market demand for a short-term, small-dollar loan program with an affordable solution.
- We’re also encouraging expanded employment opportunities for people who were convicted of minor crimes in their past, but who have paid their debt to society and are seeking a new path forward, through our Second Chance Initiative.
That’s just part of the story. I’d urge you to check out the entire list of achievements on the NCUA’s website.
There’s a great deal of outstanding work getting done at the NCUA and other federal agencies. That’s an important story to tell.
And that’s only the beginning. I’m proud of what we’ve achieved in seven months, but I want you to consider that as a down payment because I’m already looking ahead. Right now, we’re focused on what we can do in the next seven months, in the next year, in the next two years. Because the policy decisions we make now and in the next few years will have a big impact in terms of building on past successes and setting this industry up for enduring success in the future.
What You Can Expect from Us
So the question is, what should you expect from the NCUA in the coming months and years? First of all, because NASCUS is hosting us today, I want to reiterate my belief in, and support for, the value of the dual-chartering system. One of this industry’s strengths is the system of regulation and supervision in which federal and state authorities work cooperatively, with the common goal of a safer, sounder, more efficient, and more innovative credit union industry.
The solid relationship between the NCUA and our state regulators, built on mutual trust and respect, is absolutely essential to make that system work. At NCUA, we don’t see state regulators as adversaries or competitors — we seem them as valuable partners and a source of solid advice and ideas on a broad range of issues. Under my leadership, the NCUA will continue to work to strengthen that partnership.
A key part of that commitment will be handled through the NCUA-State Regulators Working Group. The working group was formed two years ago, to look for ways to reduce or eliminate unnecessary overlap between the prudential regulators of federally insured state-chartered credit unions and the NCUA. The goal is reducing the regulatory burdens wherever possible on federally insured, state-chartered credit unions while maintaining the safety and soundness of the industry.
The working group is also exploring ways we can learn from and leverage each other’s approaches to enhance the regulation and supervision of all credit unions, whether federal or state-chartered. Ultimately, what we’re working toward is clearer communication and increased cooperation between state and federal regulators, which will work to the benefit of everyone. A great deal of constructive dialogue, creativity, and mutual understanding has come out of this process. There’s a lot of great work being done on this front, and I look forward to what’s ahead.
You should also keep an eye out for some additional regulatory relief from our agency. For example, last month, the NCUA Board approved an increase to the limit on public unit and non-member shares for credit unions. This is timely and needed, and something we’ve been looking at as a way to give your institutions additional flexibility in managing your funding sources.
It’s a reasonable increase because the previous limit had been in place for over three decades. The industry and the number of members it serves have grown tremendously in that time. So, finding ways to help your institutions gain more access to capital — in a responsible way — will allow credit unions to serve the needs of your members and communities better.
This is especially true for small and low-income designated credit unions, many of which have high enough net worth levels that will allow them to take full advantage of this new authority. So they will particularly benefit from this important piece of regulatory relief.
What We Expect from You
So as we’re looking at a number of constructive changes and improvements to our systems and processes that leads us to the next question: what do we expect from you? First of all, I want to emphasize that your responsibilities haven’t changed: as always, credit unions should continue focusing on all the aspects of compliance that ensure the safety and soundness of this industry.
Be aware of the potential risks that are out there — interest rate risk, credit risk, liquidity risk — and make sure you’re performing the required analysis and that you have the appropriate plans in place to manage or mitigate those risks.
I know that addressing these risks probably goes without saying. But I emphasize this point because it’s the best preparation if the economy should enter a downturn. Right now, all the signs point to a strong economic picture — the most recent monthly jobs report was solid, and growth is steady. But we’ve all been in this industry long enough to know that business cycles are real, and we know those conditions are bound to shift at some point.
Even if we don’t know when it might happen, we know it’s inevitable. And when that change comes, we want the credit union industry to be prepared, so you can withstand the stresses of a challenging environment and emerge stronger.
We’re also encouraging credit unions to continue to focus on cybersecurity as a top priority. In 2018, it was estimated that financial losses due to cybercrime topped $2.7 billion. And we’ve all seen enough news stories about data breaches in every industry — banking, insurance, retail, health care, education, government, non-profits, and the list goes on and on — to know that any of our organizations are vulnerable to attack.
Hackers and thieves don’t take a break, so we can’t afford to, either. And when I say “hackers and thieves,” remember that the threats aren’t just external to your institution and your system: a data breach or theft can just as easily come from the inside.
For example, many of you probably saw the news this summer about the Canadian credit union that was the target of a massive security breach (opens new window) (You will be leaving NCUA.gov and accessing a non-NCUA website. We encourage you to read the NCUA's exit link policies. (opens new page).) . That breach resulted in the exposure of the personal data of 4.2 million. The culprit was not some teenager in his bedroom; it was one of the credit union’s own employees. The credit union took quick action. They identified and removed the employee, informed their members, and corrected the vulnerability. But that incident underscores how any of our institutions can be targeted in ways we haven’t foreseen.
Cybersecurity has been a top-level supervisory priority for the NCUA for years, and I intend to keep it on the front burner. Toward that end, I’ve named a special advisor, who reports directly to me, to coordinate our efforts. NCUA has a cybersecurity resources webpage to provide credit unions with important information, including regulations and guidance, about protecting themselves and their members from cyber threats. I encourage you to check out that page regularly.
But the reality is that while we can do a lot at the federal level, the most effective cybersecurity defense is always going to be the systems and processes in place at your institutions because you’re on the front lines.
So stay vigilant. Focus on prevention and work on hardening your IT infrastructure and systems against threats. Have a response and recovery plan in place in preparation for the day when, God forbid, you have to alert your members that your system has been breached.
The reality is that no institution is too large, or too small, to avoid being a target at some point. I urge everyone in our industry to continue working to keep our financial system, and the millions of Americans who entrust their assets to us, safe. I saw a news story that said t nearly 40 percent of executives in a survey said they weren’t prepared for a cybersecurity incident (opens new window) (You will be leaving NCUA.gov and accessing a non-NCUA website. We encourage you to read the NCUA's exit link policies. (opens new page).) . It’s amazing to me that it would still be so high after all we’ve seen in recent years. Regardless, let’s make sure that your credit unions are in the 60 percent that ARE prepared.
To be honest, I’ve only scratched the surface here today. There are a number of other issues that we could talk about as important priorities. For example, just last week, the NCUA hosted our first annual Diversity, Equity, and Inclusion Summit that brought together industry leaders for a constructive conversation of what more credit unions can do to improve their commitment to diversity. With the demographic changes our nation is undergoing, diversity and inclusion will only grow in importance — I know this is something you all take very seriously, and I commend you for that. Keep up the good work.
I want to emphasize that with all of the things we’re doing, we’re seeking to give credit unions the tools you need to serve your members better. We want you to have more flexibility to innovate, to create financial products that respond to your members’ needs, and to continue providing the highest levels of service to your communities.
At the same time, we’re focusing very carefully on maintaining the safety and soundness of the credit union system. So there’s a balancing act here. That’s what we’re striving toward, and so far, I’d say we’ve been pretty successful at striking the appropriate balance.
My philosophy is that our role as a regulator does not always have to be an adversarial one. Certainly, when there are industry actors who fail in their responsibilities, we’re going to hold them accountable. And we’re even bound by law or regulation to do some things that might not always be popular. That’s appropriate and part of the regulator’s job — it’s part of the balancing act I alluded to.
But we also want the NCUA and state regulators to be partners with you in helping your institutions, and by extension your members, to thrive and prosper in the long term. That means when we see the industry doing something positive, we’re going to encourage that. When we see there’s more the industry should be doing to live up to its values, we’re going to incentivize that.
If we continue to work together as we have, we’ll be well-positioned to maintain the credit union mission for “people helping people” for the next generations. Thank you very much.