Skip to main content
United States flag An official website of the United States government
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NCUA Chairman Todd M. Harper Remarks at the 2023 Governmental Affairs Conference

February 2023
NCUA Chairman Todd M. Harper Remarks at the 2023 Governmental Affairs Conference
Todd M. Harper

NCUA Chairman Todd M. Harper address the audience at the 2023 Governmental Affairs Conference.

As Prepared for Delivery on February 27, 2023

Good afternoon, everyone. And, thank you, Antonio, for that kind introduction.

I also want to thank all of you for being here today. Your dedication to the credit union industry is admirable. And, that dedication is also part of the fabric of my family as my father started a teachers’ credit union in the 1960s. And, his father chaired the board of soap factory credit union in the 1930s. Even my mother has volunteered as a secret shopper at her credit union.

Together, it was their lessons about budgeting, saving, borrowing, and helping others that taught me much about financial security. And, that’s why I will focus today on a few key issues affecting the industry’s strength, as well as the financial security of consumers, and how we can all — collaboratively and proactively — address these issues. I call them issues, not problems, because while they pose challenges for the credit union system, they can also open the door to innovation and opportunity.

State of the Credit Union System

In terms of overall performance, federally insured credit unions remained on a solid footing last year. Total loans, assets, and insured shares all increased. Capital levels also remained strong. Economic activity — however — has begun to cool. Insured share growth has slowed, as some consumers have drawn down their built-up savings. Households are also taking on more debt. And, in the event of an economic slowdown, these factors could hinder borrowers’ ability to repay outstanding debt, exposing your credit union to greater levels of credit risk. That’s why we must all take actions to prepare for a downturn.

Interest Rate Risk

In fact, your ability to manage interest rate risk will be a crucial factor in your performance in 2023. Interest rates rose across the yield curve last year. As rates increase in the current economic environment, so does the associated risk that makes short-term liquidity events possible. The potential for sudden changes in either inflation, the rate environment, or the economy mean that you must remain nimble.

And, in recognition of the rapidly changing rate environment, the NCUA has updated its guidance for examiners on how to work with credit unions exposed to market risk. These changes to the supervisory framework for interest rate risk increased clarity and flexibility for both examiners and credit unions. That’s an example of all of us, working together, to strengthen the system.

Liquidity Risk and Central Liquidity Facility

And, that collaborative spirit is needed as the rise in rates has also heightened liquidity risks. As such, your credit union must closely monitor its risk levels and balance sheet.

The current economic environment also underscores the value of the NCUA’s Central Liquidity Facility. The CLF functions as an emergency liquidity backstop for the industry, similar to the Federal Reserve’s discount window. And, while the CLF is an effective mechanism for managing liquidity risk, legislative enhancements would provide the NCUA with greater flexibility to respond to future liquidity events.

At the start of the COVID-19 pandemic, Congress allowed corporate credit unions to become a CLF agent for a subset of their members. However, when that temporary authority expired at the end of last year, more than 3,300 credit unions lost access to the CLF. Without this provision, most small credit unions no longer have access to a critical liquidity resource. And, the CLF’s liquidity capacity contracted by nearly $10 billion. Now is not the time to cut a liquidity lifeline. That’s why the NCUA Board is united in its legislative request to restore the CLF’s agent-member flexibility, and the agency will continue to engage with Congress on this legislative priority.

Cybersecurity Risk

But, there’s another risk that keeps me awake at night — cybersecurity. Ransomware, social engineering, and phishing are but a few of the known examples of the cyber threats we all face. But, what worries me more are the countless threats we do not know about. And, these risks are likely to continue and accelerate in the foreseeable future. Therefore, all of us must improve our cybersecurity practices.

That’s why, starting this year, the NCUA will use our new Information Security Examination procedures. This new supervisory initiative is tailored to your credit union’s size and complexity, to help you prepare for, withstand, and recover from cybersecurity threats. The NCUA also encourages your credit union to use the Automated Cybersecurity Evaluation Toolbox. This free tool can help all credit unions, especially smaller credit unions, determine their level of cybersecurity readiness, and prepare them for the Information Security Examination.

And, just two weeks ago, the NCUA Board approved the cyber incident notification rule that sets parameters for what constitutes a reportable incident and the minimum notification requirements. Through these notifications, the NCUA will be better able to work with other agencies and the private sector to respond to cyber threats before they become systemic.

Vendor Authority

While this new rule strengthens industry resilience, we must still fix a regulatory blind spot — vendor authority. The NCUA lacks the same authority that banking regulators have to supervise third-party vendors. Unfortunately, risks in the credit union system often lurk beyond the NCUA’s reach, namely within credit union service organizations and third-party service providers. As a result, thousands of credit unions, tens of millions of consumers, and roughly $2 trillion in assets are exposed to potentially devastating risks.

Adopting new technology is essential for your credit union to remain competitive. But, leaving a hole in the financial system’s defenses means the credit union system is vulnerable to exploitation by bad actors who threaten our nation’s economic security and the financial well-being of our citizens.

To those who believe the NCUA already receives third-party vendor information from the banking regulators, this is false because our lack of vendor authority prevents the sharing of such information. To those who contend the NCUA’s examiners lack the necessary experience to supervise vendors, this is also false because many vendors perform essentially the same services as credit unions that the NCUA already examines for. And, to those who claim vendor authority is simply an excuse for the agency to increase its budget, this is also false because a risk-focused review of vendors would not necessitate the hiring of scores of additional exam staff.

But, there’s another issue here — competitiveness. Providing the agency with vendor authority will close an important loophole that puts the entire credit union industry at a competitive disadvantage. Why? Because once banking agencies complete an examination of a vendor, they share those findings with the vendor’s bank clients.

Credit unions, especially small ones, don’t have the same ability to access information about their vendors, even if they offer the same services to both credit unions and banks. This double standard prevents all of you in this room from better understanding the risks your vendors may pose to your members, operations, and reputations.

The NCUA’s supervision of credit union service organizations and vendors will bolster our nation’s economic security, and it will enhance your competitiveness. The NCUA therefore is committed to engaging with the new Congress on this vital issue.

And, if you still have doubts about the need for vendor authority, consider that the Government Accountability Office, the Financial Stability Oversight Council, and the NCUA’s Inspector General have all recommended congressional action to fix this blind spot. We should listen to these experts and close this gap.

Financial Technology

While today’s interconnected financial system makes us vulnerable to potential risks, the technology that links us to one another also presents opportunities. That’s because, with financial technology, credit unions can offer consumers greater convenience and speedier decisions about credit. New and innovative financial products and services can also lead to greater efficiency, inclusivity, and financial security. But they also carry risks like insufficient oversight by regulators, made even more precarious by the NCUA’s lack of third-party vendor authority, and the prioritization of rapid product development and rollout at the expense of consumer protection, fairness, and quality controls.

To make fintech work for everyone, products and services should be safe, fair, and affordable, regulators should have the ability to enforce compliance with laws and regulations, and consumers should understand their rights and protections.

Consumer Financial Protection

Now, I know that many of you have heard me say this before, but I’m going to keep saying it because it is part of my core beliefs: All consumers — regardless of their financial services provider of choice — should receive the same level of consumer financial protection. Yet, unlike the federal banking agencies, the NCUA does not conduct separate consumer compliance exams nor does the agency assign a separate consumer financial protection rating. It doesn’t seem fair that credit union members have less protection than bank customers.

During my four years on the NCUA Board, the agency has made some strides like increasing its fair lending exams and reviews. And, it’s why we are now creating consumer compliance specialist positions in the field, and starting the process to build out an enhanced consumer compliance exam program. And, as part of its supervisory priorities this year, the NCUA continues to focus on overdraft programs and will dive more deeply into certain features.

To that end, NCUA examiners will review website advertising related to overdraft programs, balance calculation methods, and settlement processes. And, examiners at federal credit unions with more than $500 million in assets will dig into authorize positive, settle negative transactions, as well as some other problematic fees. Our supervisory efforts here are aimed at creating a more equitable financial system that enables financial security for credit union members, especially those of modest means.

Minority Depository Institutions

And, thanks to the hard work of minority depository institutions, we all have made progress toward that goal. MDIs account for a sizable portion of the credit union system. In fact, one in ten federally insured credit unions is an MDI. Preserving MDIs is therefore fundamental to the NCUA’s mission.

That’s why the NCUA implemented its support program for small credit unions and MDIs last year. The program assists these credit unions by identifying available resources, providing training and guidance, and supporting management in their efforts to address operational matters.

But, we are also assisting MDIs in other ways, such as adjusting our supervisory procedures to recognize MDIs’ unique business models that often allow for higher expenses, charge-off rates, and delinquencies compared to federally insured credit unions overall. Using peer metrics to compare an MDI to a non-MDI in the same asset class is like comparing an apple to an orange. It makes little sense.

That is why the agency has recently developed new MDI-specific procedures to guide examiners. This customization will yield more useful peer metrics for MDIs to improve their policies, processes, and products to better serve their members’ and communities’ needs. And, it will result in an apples-to-apples comparison. That’s good for the entire credit union system.

Community Development Revolving Loan Fund Increase

And, there’s one other piece of good news that I want to share. Congress has appropriated $3.5 million for this year’s Community Development Revolving Loan Fund grant round. That’s more than double last year’s amount. With this additional funding, the NCUA can now make more grants and bigger grants.

This year, low-income credit unions and MDIs will be able to use these grants to better defend themselves against cyber threats, facilitate credit union partnerships, and expand access to safe, fair, and affordable financial products and services in under-resourced communities. We will formally announce the availability of these funds in March.


So, in closing, everything the NCUA does boils down to protecting and benefiting the more than 134 million member-owners, who entrust their hard-earned savings to federally insured credit unions. We can never lose sight of that fact. That’s why we all need to remain focused on interest rate, liquidity, cybersecurity, and consumer compliance risks. And, it’s why we all need to further evolve our support for small credit unions, MDIs, and low-income credit unions.

Done right, our work — together — can level the playing field and create opportunities for everyone to build wealth. Your credit union has a chance to make a real difference in the lives of your current members and the lives of future generations. Let’s commit to making that happen.

Thank you.

Todd M. Harper Cybersecurity
Last modified on