Skip to main content
United States flag An official website of the United States government
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NCUA Chairman Todd M. Harper Remarks at the Defense Credit Union Council Annual Conference

August 2023
NCUA Chairman Todd M. Harper Remarks at the Defense Credit Union Council Annual Conference

As Prepared for Delivery on August 9, 2023

Good afternoon, everyone. And, thank you, Mike, for the kind introduction.

The credit union system is built on the enduring principle of “people helping people.” So, I’m honored to join you as the Defense Credit Union Council marks 60 years of service to those who serve the cause of preserving freedom for all Americans. Sixty years: That’s a significant milestone. And, it’s important to call it a milestone — and not a destination — because it’s clear that defense credit unions— just like our troops — are always on the move, whether that’s finding new and better ways to serve their members’ evolving financial needs or adapting to new challenges and growing in an increasingly unpredictable economic environment.

Credit Union System Safety and Soundness

For that unpredictability, we don’t have look any further than the issue of financial stability at certain depository institutions — namely the collapse of Silicon Valley, Signature, and First Republic banks — that dominated business news cycles in the spring. Those failures have demonstrated the importance of rapid and decisive regulatory action and led to questions about the impact of those events on the stability of the overall financial system as well as on the NCUA, credit unions, and their members. The recent turmoil within the banking system is also a reminder — for us all — of the need to carefully manage capital, interest rate, liquidity, and credit risks.

That’s why the NCUA has recently highlighted each of those risks as areas of focus in its supervisory priorities. In concentrating on these issues when examining credit unions, the NCUA must be forward looking, risk focused, and ready to act expeditiously, if needed. The NCUA also updated our guidance last September on how examiners work with credit unions exposed to the market risk of rising interest rates. By increasing clarity and flexibility, these changes to the supervisory framework for interest rate risk are a win for both examiners and credit unions.

However, credit union executives, supervisors, and boards of directors must remain diligent in managing the potential risks on their balance sheets and continue to monitor economic conditions and the interest rate environment. The good news is that the credit union system — overall — remains well positioned at this time to handle economic disruptions like a moderate recession. What’s more, the NCUA is well positioned, through the supervisory process, to address issues that may arise from broader market concerns about liquidity in the financial services sector. We will continue to watch credit union performance through the examination process, offsite monitoring, and tailored supervision. In addition, the agency is continuing to coordinate with other federal financial institution regulators to ensure the overall resiliency and stability of our nation’s financial services system.

Interest Rate Risk, Liquidity Risk, and CLF

Changes in inflation, the interest rate environment, and broader economic conditions over the last year call for extra vigilance. In fact, a credit union’s ability to manage interest rate risk will remain a crucial factor in its performance going forward.

The current economic uncertainty also underscores the value of the NCUA’s Central Liquidity Facility, otherwise known as the CLF. The CLF functions as an emergency liquidity backstop for the credit union industry, similar to the Federal Reserve’s Discount Window. And, while the CLF is an effective mechanism for managing liquidity risk, legislative enhancements would provide the NCUA with greater flexibility to respond to future liquidity events.

At the start of the COVID-19 pandemic, Congress allowed corporate credit unions to join the CLF and to serve as a CLF agent for a subset of the corporate’s members. However, when that temporary authority expired at the end of last year, more than 3,300 credit unions — all of which had less than $250 million in assets — lost access to the CLF. And, the CLF’s liquidity capacity contracted by nearly $10 billion.

Now is not the time to cut a liquidity lifeline. That’s why the NCUA Board is united in its legislative request to restore the CLF’s agent-member flexibility, and the agency will continue to engage with Congress on this legislative priority. I know that the Defense Credit Union Council also supports these statutory changes, so thank you. Additionally, well-run, and well-capitalized credit unions have access to the Federal Reserve’s Discount Window and the Bank Term Funding Program to manage their liquidity needs.

Whether your credit union chooses a liquidity facility operated by the NCUA or the Federal Reserve, it doesn’t matter, but it does matter that you establish access to a federal liquidity backstop before a liquidity event occurs. Once the pipes freeze, it’s difficult to restore liquidity. And, liquidity events can occur without much warning, as was the case in the collapse of Silicon Valley and Signature banks. So, please review your credit union’s liquidity options as soon as you return from this conference.

As always, the NCUA is committed to protecting credit union members and the safety and soundness of the credit union system. No one has ever lost a single penny of insured share deposits within the credit union system. And, maintaining your members’ confidence applies to both protecting their savings and ensuring their safe, fair, and affordable access to financial products and services.

Proposed Rule on Charitable Donation Accounts

To that end, the NCUA has recently taken an important step to facilitate the work of defense credit unions. In May, the NCUA Board unanimously approved a proposed rule on charitable donation accounts. The proposed rule would add veterans’ organizations, as defined in the Internal Revenue Code, to the definition of a “qualified charity” that a federal credit union may contribute to using a charitable donation account.

Your credit unions have fields of membership that specialize in serving military branches, military bases, veterans, and defense-related organizations. With this proposed rule change, the NCUA would allow you to better support your members and fulfill your missions. That’s good for veterans, good for military families, good for credit union members, good for credit unions, and good for our country.

The comment period on this proposed rule ended last week. The NCUA looks forward to analyzing and incorporating the feedback to finalize this rule in the coming months. In fact, we currently expect to finalize this rulemaking before the end of the year, so that more credit unions can start 2024 with a resolution to increase their support for veterans and military families.

Cybersecurity Risk

Many of you might have also heard me say that the single biggest credit union issue that keeps me up at night is cybersecurity. Ransomware, social engineering, and phishing are but a few of the known examples of the cyber threats we all face. But, what is more worrisome are the countless threats we do not know about. And, these risks are likely to continue and accelerate in the foreseeable future. Therefore, all of us must improve our cybersecurity practices.

Earlier this year, the NCUA began implementing its new Information Security Examination procedures for credit unions to prepare for, withstand, and recover from cybersecurity attacks. And, the NCUA’s Community Development Revolving Loan Fund included grants to support Digital Services and Cybersecurity in the 2023 initiative. We plan on announcing the recipients of those grants in September.

Furthermore, the NCUA’s new Cyber Incident Notification Rule goes into effect in September. With their close connection to the branches of the U.S. military and the federal government, defense credit unions are on the frontlines of the cyber warfare waged by foreign adversaries and their allies. That’s why each of us — the NCUA, state supervisory authorities, vendors, and defense credit unions — has a responsibility to protect our systems, improve our ability to recover from incidents, educate our teams, share information, and report and address potential vulnerabilities.

Our ability to monitor and mitigate cybersecurity risks has taken on greater urgency as more credit union operations migrate to credit union service organizations and vendors. Unfortunately, CUSOs and credit union third-party service providers do not have the same level of oversight as bank vendors, because the NCUA lacks the statutory authority to examine or supervise these entities. This growing regulatory blind spot in the financial system threatens our nation’s economic security, poses risks for the financial well-being of our citizens — and more immediately — potentially threatens the reserves of the NCUA’s Share Insurance Fund, should the problems and losses at a vendor lead to the collapse and failure of a credit union.

That, in turn, could result in a direct cost to your credit union in the form of premiums. It is, therefore, essential that stakeholders understand that the risks resulting from the NCUA’s lack of vendor authority are real and impact all of us. Until this growing regulatory blind spot is closed, thousands of federally insured credit unions, tens of millions of consumers who use credit unions, and $2.2 trillion in assets are exposed to potentially devastating risks. The Government Accountability Office, the Financial Stability Oversight Council, and the NCUA’s Inspector General have all recommended congressional action to provide the NCUA with this examination authority. I agree with these independent experts.

Restoring the NCUA’s authority over CUSOs and third-party vendors will bolster our nation’s national economic security, and it will save us all time and money in the long term. That’s just good business. And, from a customer service standpoint, it will give credit union members the same protection that bank customers enjoy, which they deserve.

For example, while a bank considering doing business with a vendor can access the exam report of a banking regulator as part of the bank’s due diligence process. A credit union, however, cannot. Wouldn’t you want your credit union to have the same access to vendor information as a bank? The NCUA, therefore, will continue to engage with Congress on this important legislative issue so this authority can be restored.

Artificial Intelligence

And, no discussion about the unavoidable march of technology into every nook and cranny of our lives is complete without mentioning artificial intelligence. We have all read the headlines and heard the stories about the potential of ChatGPT and other examples of generative AI. We have also seen the characterizations of and reactions to this innovation that range from a universal cure for all of society’s ills to extinction-level panic.

More realistically, artificial intelligence, like every new technology, offers both promise and peril. Our role is to maximize and deliver on the former while identifying and mitigating the risks of the latter. Some of the pitfalls in relying on artificial intelligence to make important, even life-changing decisions have already come to light.

In 1995, Fannie Mae and Freddie Mac launched automated underwriting software that promised to make the home loan approval process more efficient by using AI to assess the likelihood of a borrower defaulting on a loan. This technology was promised to be color blind, but it has unfortunately fallen far short of that goal. A 2021 report by The Markup found mortgage lending algorithms in the U.S. were 80 percent more likely to reject Black applicants,50 percent more likely to reject Asian and Pacific Islander applicants, 40 percent more likely to reject Latino applicants, and 70 percent more likely to reject Native American applicants compared to similar white applicants. Those numbers are startling and should absolutely cause concern.

Last week, in fact, we issued an NCUA Express email message reminding credit unions of their obligation to comply with Equal Credit Opportunity Act nondiscrimination requirements in their use of automated underwriting systems. And, earlier this year, the NCUA joined with other federal financial regulators to issue proposed rules for automated valuation models that incorporated fair lending principles. So, while AI can allow credit unions to smartly automate certain functions, like member communication and loan underwriting, it must be harnessed in a responsible way to ensure fairness, transparency, and consumer protection.

The NCUA is keeping a close eye on developments in this field and measures adopted by our peer regulatory agencies, so the credit union system can continue to innovate while remaining faithful to its statutory mission of meeting the financial needs of members, especially those of modest means.


In closing, the credit union system is rapidly changing and the NCUA must change with it. Today, the credit union system is more dynamic, complex, and larger with 426 credit unions holding $1 billion or more in assets, which includes 22 credit unions with more than $10 billion in assets. And, at the end of the first quarter of 2023, federally insured credit unions had nearly 137 million members and more than $2.2 trillion in assets.

In responding to these changes, the NCUA’s focus going forward will remain on the strength of the system, the needs and rights of credit union members, and the NCUA’s preparedness to respond to evolving security and economic conditions. As such, the NCUA will continue to be fair and forward looking; innovative, inclusive, and independent; risk focused and ready to act when needed; and engaged appropriately with stakeholders to develop effective regulation and efficient supervision. This regulatory philosophy will drive the NCUA’s actions in the years ahead.

In doing so, we will prioritize capital and liquidity, cybersecurity, consumer financial protection, and inclusion. And, by inclusion, I mean both diversity, equity, and inclusion within the NCUA and throughout the credit union system. And, to keep pace with the changing competitive and technological landscape, the NCUA will foster innovation within the agency and credit unions, while balancing consumer financial protection and financial stability. If we all do our jobs right, we will be successful in fulfilling the credit union system’s statutory mission of meeting the credit and savings needs of members, especially those of modest means, for generations to come.

DCUC has had the privilege of doing just that for its defense credit unions and their military members and families for six decades, so congratulations to you, Tony, and the entire DCUC team on this special anniversary.

With that, let me end my formal remarks. Thank you again for inviting me to join you today. Tony, I look forward to our conversation.

Todd M. Harper Cybersecurity
Last modified on