Skip to main content
United States flag An official website of the United States government

NCUA Chairman Todd M. Harper’s Remarks at NASCUS’s State System Summit (S3)

August 2023
NCUA Chairman Todd M. Harper’s Remarks at NASCUS’s State System Summit (S3)
NCUA Chairman Todd M. Harper during a fire side chat at the 2023 NASCUS State System Summit in Nashville, Tenn.

NCUA Chairman Todd M. Harper during a fire side chat at the 2023 NASCUS State System Summit in Nashville, Tenn.

As Prepared for Delivery on Sunday, August 27, 2023

Good afternoon, everyone. And thank you, Brian, for that kind introduction.

We at the NCUA have long been fortunate to maintain a strong working relationship with NASCUS and state regulators through the years. It is a mutually beneficial partnership that has yielded innovative and effective tools and examination processes that promote members’ financial security, advance supervisory efficiency and regulatory effectiveness, ensure the safety and soundness of the credit union system, and foster greater economic and financial stability.

To that end, the NCUA’s regional offices and Office of National Examinations and Supervision can now use the recently modified operating agreement template to enter into new operating agreements with state regulators. In addition, the NCUA-SSA Working Group worked closely with NASCUS and state agencies to develop a list of lessons learned from the Alternating Exam Pilot Program. Based on these insights, the NCUA will soon consider whether to formally implement an alternating examination program. And, that collaborative spirit between the NCUA and the states will be greatly needed as the U.S. financial sector faces growing threats due to poor risk management at some financial institutions and rising economic concerns for the balance sheets of all credit unions.

Economic Environment and Exam Program Outlook

Recent trends in the economic environment give us reason for cautious optimism, with an emphasis on the word “cautious.” Economic growth in the first quarter was approximately two percent on an annual basis, and the second quarter saw similar, though slightly higher growth. Economists, however, are forecasting a slowdown later this year, as the lagged effects of elevated interest rates take hold. Unemployment remains relatively low at 3.5 percent as of July, and job growth generally has been quite strong.

That said, the July increase in employment still trails the gains made over the last year or so. And, as the most recent indicators suggest, the rate of inflation remains far below last year’s rates and continues to decelerate. Nevertheless, we have not yet achieved a sustained period of inflation at or below the Federal Reserve’s two-percent target. Consumer sentiment is still generally guarded but has improved since last year, likely a reflection of the improving inflation situation. And, although the cost of living is no longer rising at the same pace, many households are still showing signs of significant financial strain, as seen in rising delinquency rates for various loan types, including auto loans and credit cards as well as growing home equity lines of credit balances. The Federal Open Market Committee is expected to raise rates further, but any inflationary “surprises” in the coming months could put further pressure on household finances.

For credit unions, credit risk has heightened, especially in the commercial real estate market. And, for that reason, the NCUA has expanded its commercial real estate monitoring efforts to include closely scrutinizing loan performance, conducting risk assessments and scenario analysis based on loan exposures, developing enhanced review procedures for credit unions with elevated risk profiles, and undertaking targeted reviews at higher risk credit unions. Additionally, the NCUA worked with other federal banking agencies — and in consultation with state bank and credit union regulators — to issue the interagency Policy Statement on Prudent Commercial Real Estate Loan Accommodations and Workouts in June.

The high levels of interest rate risk we are seeing can also increase a credit union’s liquidity risks, contribute to asset quality deterioration and capital erosion, and put pressure on earnings. As such, the NCUA distributed a letter to credit unions last month reiterating the importance of liquidity risk management and contingency funding plans, which can include membership in the NCUA’s Central Liquidity Facility and access to the Federal Reserve’s discount window.

In a similar vein, we added a requirement this year for examiners to review the liquidity policy and a list of contingent liquidity sources on our defined-scope exams for small credit unions. Ultimately, the volatility of the current interest rate, economic, and commercial real estate environments underscore the need for credit union executives, managers, and boards to remain careful in managing the potential risks on their balance sheets, and vigilant in monitoring economic conditions and the interest rate environment.

Cybersecurity Risk

On the topic of vigilance, we must continue to prioritize cybersecurity. Ransomware, social engineering, and phishing are but a few of the known examples of the cyber threats we all face. But what is more worrisome are the countless threats we do not know about. And these risks are likely to continue and accelerate in the foreseeable future. Therefore, all of us must improve our cybersecurity practices.

Earlier this year, the NCUA began implementing its new Information Security Examination procedures for credit unions to prepare for, withstand, and recover from cybersecurity attacks. Furthermore, the NCUA’s new Cyber Incident Notification Rule takes effect on Friday. The agency issued a Letter to Credit Unions earlier this month detailing the process for federally insured credit unions to report cyber incidents, using either a dedicated hotline or a secure email channel. In receiving these reports, we will use our newly implemented Cyber Incidents for Credit Unions Reporting tool to assess the information and decide on next steps, including following up with the reporting credit union for additional information or clarification.

Vendor Authority

What’s more, our ability to monitor and mitigate cybersecurity risks has taken on greater urgency as more credit union operations migrate to credit union service organizations and other vendors. These service providers are on the frontlines of the increasing adoption of artificial intelligence and instant payments by financial institutions hoping to better serve their customers’ evolving needs.

Unfortunately, CUSOs and credit union third-party service providers do not have the same level of oversight as bank vendors, because the NCUA lacks the statutory authority to examine or supervise these entities. This growing regulatory blind spot in the financial system threatens our nation’s economic security, poses risks for the financial well-being of our citizens — and more immediately — potentially threatens the reserves of the National Credit Union Share Insurance Fund, should the problems and losses at a vendor lead to the collapse and failure of a credit union. That, in turn, could result in a direct cost to credit unions in the form of premiums.

It is, therefore, essential that stakeholders understand that the risks resulting from the NCUA’s lack of vendor authority are real and impact all of us. Until this growing regulatory blind spot is closed, thousands of federally insured credit unions, tens of millions of consumers who use credit unions, and trillions in assets are exposed to potentially great risks.

The Government Accountability Office, the Financial Stability Oversight Council, and the NCUA’s Inspector General have all recommended congressional action to provide the NCUA with this examination authority, which would place the NCUA on par with all federal banking regulators and many state credit union regulators. I agree with these independent experts.

Restoring the NCUA’s authority over CUSOs and third-party vendors would bolster our national economic security, and it would save us all time and money in the long term. That’s just good business. And this capability will be forward-thinking by ensuring proper oversight of the CUSOs and third-party vendors poised to capitalize on financial institutions’ growing appetite for AI and real-time payments services. Plus, from a customer service standpoint, it will give credit union members the same protection that bank customers enjoy, which they deserve.

For example, a bank considering doing business with a vendor can access the exam report of a banking regulator as part of the bank’s due diligence process. A credit union cannot. For those of you in the audience who are credit unions, wouldn’t you want your credit unions to have the same access to vendor information as a bank down the street? The NCUA, therefore, will continue to engage with Congress on this important legislative issue so this authority can be restored.

Artificial Intelligence

And, speaking of artificial intelligence, all of us have read the headlines and heard the stories about the potential of ChatGPT and other examples of generative AI. We have also seen the characterizations of and reactions to this innovation that range from a universal cure for all of society’s ills to extinction-level panic.

More realistically, artificial intelligence, like every new technology, offers both promise and peril. Our role as regulators and supervisors is to maximize and deliver on the former while identifying and mitigating the risks of the latter. Some of the pitfalls in relying on artificial intelligence to make important, even life-changing decisions have already come to light.

In 1995, Fannie Mae and Freddie Mac launched automated underwriting software that promised to make the home loan approval process more efficient by using AI to assess the likelihood of a borrower defaulting on a loan. This technology was promised to be color blind, but it has, in reality, fallen far short of that goal.

A 2021 report by The Markup found mortgage lending algorithms in the U.S. were 80 percent more likely to reject Black applicants, 50 percent more likely to reject Asian and Pacific Islander applicants, 40 percent more likely to reject Latino applicants, and 70 percent more likely to reject Native American applicants compared to similar white applicants.1 Those numbers are startling and should absolutely cause concern.

At the beginning of August, in fact, we issued an NCUA Express email message reminding credit unions of their obligation to comply with Equal Credit Opportunity Act nondiscrimination requirements in their use of automated underwriting systems. And, earlier this year, the NCUA joined with other federal financial regulators to issue proposed rules for automated valuation models that incorporated fair lending principles.

So, while AI can allow credit unions to smartly automate certain functions, like member communication and loan underwriting, it must be harnessed in a responsible way to ensure fairness, transparency, and consumer protection. In addition to the possibility for “hardwired” bias I just described, other factors need to be considered in the development and deployment of AI solutions.

For example, how accurate, reliable, and robust are the underlying algorithms? Are users aware of the privacy implications of sharing their information with a system that amasses vast amounts of data to function as designed? And, perhaps most importantly, is there an easily accessible off-ramp for human interaction?

The NCUA is keeping a close eye on developments in this field and measures adopted by our peer regulatory agencies, so the credit union system can continue to innovate while remaining faithful to its statutory mission of meeting the financial needs of members, especially those of modest means.

Real-Time Payments

Now, that’s not to say that technology’s role in the financial services landscape is all doom and gloom. Far from it. In fact, technology can facilitate a better member experience, mitigate risks, and should be able to advance financial inclusion.

One case in point is FedNow, the around-the-clock instant payment network recently launched by the Federal Reserve. FedNow joins other instant payment services like PayPal, Zelle, and Venmo to give consumers 24-hour access to their money and the ability to conduct transactions in real time.

And it is no exaggeration to say real-time payments are both the present and future of financial services and products. Indeed, they have recalibrated customer expectations for what depository institutions should offer to keep their business. In addition, two important benefits of instant payments — convenience and cost savings — chip away at the barriers to financial inclusion.

They give consumers and businesses more control over their money and reduce the time and cost of receiving payments, which makes them more economically resilient. Moreover, consumers who use instant payments vehicles could be at a lower risk of incurring penalties and fees on their bank accounts.2

That said, the availability and velocity of funds under an instant payment regime are cause for both excitement and concern. Faster settlement has inherent risks and can pose liquidity and risk management challenges for financial institutions. And, because instant payments are irrevocable, they present an enticing opportunity for fraudsters to steal the hard-earned savings of victims with little to no recourse for recovery.

That’s why credit unions and banks must prioritize instant payments security by applying sound anti-fraud and cybersecurity measures. FedNow has put safeguards in place to help financial institutions control outflows, such as restricting its use to retail customers and the ability to switch to a receive-only mode.3 Staying ahead of bad actors to realize the promise of these innovations without jeopardizing consumers’ financial well-being will require close collaboration among all stakeholders.


In the same spirit, the federal-state partnership enables us to address emerging risks in the credit union system expeditiously and to protect credit union members. While we cannot predict whether another financial institution will make headlines for all the wrong reasons in the months ahead, we can work together to maximize the credit union system’s preparedness and resilience for such contingencies. Each of us in this room has a responsibility to ensure that the credit union system is safe, fulfills its statutory mission, and lives up to its full potential by meeting the credit and savings needs of members, especially those of modest means. That’s why it’s vital for federal and state regulators to keep our dialogue and cooperation going.

On that note, thank you again for inviting me to be with you today. Brian, I look forward to our conversation.

1 (You will be leaving and accessing a non-NCUA website. We encourage you to read the NCUA's exit link policies. (opens new page).) , as cited in (You will be leaving and accessing a non-NCUA website. We encourage you to read the NCUA's exit link policies. (opens new page).) .

2 (You will be leaving and accessing a non-NCUA website. We encourage you to read the NCUA's exit link policies. (opens new page).) .

3 (You will be leaving and accessing a non-NCUA website. We encourage you to read the NCUA's exit link policies. (opens new page).) .

Last modified on