NCUA Chairman Rodney E. Hood Remarks - National Council of Firefighter Credit Unions 2019 Annual Conference

As Prepared for Delivery on October 3, 2019

Thank you very much, Jerry, for the introduction. And thank you all for being here today, and for hosting me.

I last spoke to this group about 10 years ago. At that difficult time, our nation was facing its most severe economic challenge in decades. The worst economic crisis since the Great Depression was more than a year old and still had several years to run.

I always like to point out to people that there were several causes for that downturn, but credit unions were not one of them. Nonetheless, you all certainly had to endure the fall-out from other people’s misjudgments and, as our securities litigation demonstrated, dishonest behavior.

Faced with that challenge, not at all of your own creation, you shepherded your institutions and your members through some seriously tough times. That leadership played an important role in the subsequent recovery — you did your part. You should be proud of your efforts to protect your institutions and your members.

And we see the results of that far-sighted stewardship. Today, our system of federally insured credit unions holds more than $1.5 trillion in assets. More than 118 million members of federally insured credit unions know they can confidently entrust their savings and their financial well-being to institutions like yours.

That’s part of a larger story of steady economic growth that has brought real gains to many working families. We should be proud of that progress, but never entirely satisfied. We need to continue to work and move the economy forward, create jobs, and welcome more Americans into the financial mainstream. Credit unions have historically played a critical role in that progress, and I expect that to continue in the years to come.

So the last 10 years have been good to the credit union industry, because this industry has focused on doing good for its members and communities. Our challenge is, how do we keep that progress going?

I’d like to talk to you today about some of the things we’ve been doing at the regulator’s level to build on that progress and keep this industry strong, and where we’re headed.

Regulatory reform: A System that’s Effective, not Excessive

Since I was sworn about six months ago, regulatory reform has been among my top priorities. We all agree that clear rules serve to create confidence, fairness, and accountability. We need well-crafted regulations to ensure the safety and soundness of the credit union system. That’s why I want to see a regulatory system that is effective, but not excessive.

It goes without saying that we must uphold the highest standards of integrity, accountability, and transparency. Everyone in this room agrees with those principles.

At the same time, we also have to be realistic about regulatory and compliance burdens. We need to have the ability to look hard at those burdens and see where it makes sense to provide some relief.

When it comes to financial services, there aren’t a lot of constants, but one thing you can always count on is change. That comes with the territory when you’re competing in a shifting and dynamic marketplace.

But all too often, our regulatory framework is rigid and static, based on old realities, rather than the realities of today. One thing I hear frequently from industry leaders is that outmoded regulations pose a real challenge to your institutions.

That’s why the NCUA has been working steadily to modernize our regulatory system. That means modifying, updating, or in some cases eliminating regulations that may have served a purpose at one time but no longer fit with today’s realities.

Our goal is to create a more responsive system that encourages innovation and gives you the flexibility you need to better serve your members, all the while fulfilling our primary mission of protecting safety and soundness.

To that end, the NCUA Board has, in the past few months:

• We’ve increased the threshold on appraisal requirements for commercial property from $250,000 to $1 million. This rule will go into effect later this month.
• We’ve proposed an increase to the limit on non-member deposits, which will provide credit unions with significant additional flexibility in managing their funding sources.
• We’ve issued interim guidance, the first of any federal banking regulator, on doing business with the legal hemp industry in an effort to give your institutions some clarity that will help you to respond to changes in the law for this exciting new industry in rural America.
• We’ve proposed to delay the risk-based capital rule for two years, so that we can explore improvements to it.
• We’re also encouraging expanded employment opportunities for people who were convicted of minor crimes in their past, but have now paid their debt to society and are seeking a new path forward.
• We’ve adopted the Pay Day Loans Alternative Rule II, which is a free-market solution that responds to the need for small-dollar lending in the marketplace. 
• And we have much more to come included subordinated debt to be counted as regulatory capital for a broader range of credit unions.

Let’s be clear: the goal is never to just get rid of regulations for the sake of getting rid of regulations. The goal is a regulatory system that is effective, but not excessive, so you can go about your vital work of lending and providing your members with the highest level of service and quality, affordable financial products.

The Cybersecurity Challenge: ‘Stay vigilant’

We need to bring fresh thinking to our regulatory approach because, as I noted, you’re competing in a dynamic and changing marketplace. You’re competing in an environment in which you face challenges and threats that just a few years ago were virtually unimaginable.

Let’s take, for example, cybersecurity. I imagine this is a concern that causes a lot of anxiety for many of you. I know it’s one of the things that keep me up at night. Because October is National Cybersecurity Awareness Month, I’d like to take a few minutes to talk about this issue.

The first thing you need to know is that, for the federal government, cybersecurity remains a top priority. I know when you look at the news out of Washington today, you may not hear about it. The partisan rancor by some in Washington can obscure the fact that a lot of important work is getting done under the Trump Administration.

The Trump administration has been providing strong, consistent leadership on this front. To take just a few examples:

• In 2017, the administration issued an Executive Order on Strengthening the Cybersecurity of Federal Network and Critical Infrastructure.
• In 2018, the administration issued the first comprehensive National Cyber Strategy in 15 years.
• Congress passed legislation to create the Cybersecurity and Infrastructure Security Agency, which the president signed into law last November.
• In May of this year, the president signed an executive order on America’s Cybersecurity Workforce to provide more access to cybersecurity skills training and advance career opportunities in the public and private sectors.

These are positive steps that emphasize the importance of cybersecurity. That emphasis percolates down through all the federal agencies.

At the NCUA, cybersecurity has been one of our supervisory priorities for several years now, and it will remain a top priority for the agency during my chairmanship. For example, I recently appointed a cybersecurity advisor who reports directly to me.

Our initial focus is on:

• Advancing consistency, transparency and accountability within the cybersecurity examination program; stimulating due diligence for supply chain and third-party service provider management within the institutions
• Assisting intuitions with resources to improve operational hygiene and resilience; and ensuring the NCUA’s systems and the information we collect is secure; and
• We’re always seeking to share information on best practices for cybersecurity, to assist your success in carrying out your responsibilities.

If you haven’t checked out our Cybersecurity Resources page at the NCUA.gov website recently, I encourage you to do so, as it includes a lot of helpful information about preparing for and responding to cyber incidents. I anticipate we’ll have more news on cybersecurity in the next few months, so stay tuned.

But no matter how much government agencies do, the front line against a data breach or any other kind of cybersecurity incident is always going to be at the industry level. Hardening our IT infrastructure and systems is definitely a public-private partnership, and we want to work together with you to make sure that your institutions and your members are protected.

That also means being aware of the full spectrum of possible threats. You know, if your idea of a hacker is based on what you see in the movies, you might think your biggest threat was some teenager in a hoodie breaking into your system from his home computer. But remember that, in many cases, the biggest threats are much closer to home or are escalated by a foreign adversary.

For example, many of you may have seen this news: In June, the Canadian credit union federation Desjardins, was the target of a massive security breach that resulted in the exposure of the personal data of 2.9 million members. The culprit was not some outside hacker; it was one of the credit union’s own employees. The credit union acted quickly to identify and remove the employee, and they took steps to inform their members and correct the vulnerability. That episode serves as a sobering reminder of how serious the threat can be, and how any institution can be targeted in ways they haven’t foreseen.

So stay vigilant. Focus on prevention and hardening your IT infrastructure and systems against threats. And I wish I didn’t have to say this, but have a response and recovery plan in place in preparation for the day when, God forbid, you have to alert your members that your system has been breached. The reality is that no institution is too large, or too small, to avoid being a target at some point.

The Promise of Financial Technology

So it’s not all gloom and doom, we should also consider the promises that technology is bringing to our industry. The financial technology sector right now is creating a different type of challenge in the form of new ways of doing business and new customer expectations.

The fintech sector is growing and sending a clear message to the financial industry that “business as usual” may not always be a viable business model. It’s important that we plan and prepare for these changes, because they’re here, and there’s more on the way.

We can go down the list: mobile banking, digital payments, artificial intelligence, data aggregation, or whatever may come next that you and I can’t even imagine yet. We know these trends are changing how you engage with your members. They’re going to change how you analyze lending risk. They’re going to change how you market and deliver your products and services.

These are big challenges, and trust me, you’re not alone. The NCUA and every other financial regulator is facing the same challenges in knowing how to respond to these rapid changes.

But when I talk about these challenges, I want to encourage you to approach them not as things to be feared or avoided.

Instead, look at them opportunities to serve your members, your employees, and your communities even more effectively. Fintech is creating an outstanding opportunity to improve customer service, to expand access to affordable financial services, to offer new types of financial products, and to support your community in new ways. So, let’s look at ways we can embrace it and make it work for the credit union industry.

Conclusion

I began my remarks by thanking you for inviting me here. It’s an honor and a pleasure.

And I want to conclude by thanking you for your service, as firefighters and first responders and as leaders of your credit unions.

The goal of your work, in both those roles, is to keep people safe and help them when they need help.

People trust you; they depend on you; they need you. For firefighters and first responders, people’s lives are often literally in your hands.

A credit union is responsible for protecting its members’ hard-earned money and for helping them build greater financial security.

There are about 165 federally chartered credit unions that have firefighter groups within their fields of membership, and every one of your institutions is making a difference by serving those who serve us all. I always emphasize that the core of the credit union mission is "people helping people," and you and your credit unions' members embody that principle in both areas of your lives.

Just last week, there was a striking story in the news, one that many of you may have seen. It was about the most recent class at the New York Fire Academy, which was graduating 301 new firefighters who will now join the city Fire Department. Among those 301 graduates were 13 men and women who lost a parent in the line of duty on September 11, 2001.

One of the graduates, a young woman who was nine years old when her father died that terrible day, and whose two brothers are also firefighters, was quoted: "Every day that I came to the academy,” she said, “I was grateful to be there and to follow in the footsteps of my father, brothers, uncle and all those who came before. This is exactly where I want to be."

You hear that and you think, what a beautiful illustration of our values: the commitment to service, the willingness to step forward to protect your communities, and the strong sense of duty and tradition.

You can take pride in knowing that your institutions are providing your brothers and sisters and their families with the financial security they need to continue living those values.

Thank you very much.