Dear Boards of Directors and Chief Executive Officers:
This letter provides important updates regarding the NCUA’s recent technology modernization efforts and outlines the implementation of key software tools.
In August, the NCUA will begin transitioning to several new modernized applications, which are listed below. These efforts include the implementation of emerging and secure technology that supports the NCUA’s examination, data collection, field of membership, and reporting efforts. These new applications will streamline processes and procedures and provide significant benefits to credit union users.
- NCUA Connect;
- Admin Portal;
- Consumer Access Process and Reporting Information System (CAPRIS);1
- Modern Examination & Risk Identification Tool (MERIT); and
- Data Exchange Application (DEXA).
Accessing the New Applications
Credit unions wishing to access these new applications must identify up to two individuals as Admin Portal Administrators with delegated responsibility for managing the users for their credit union. Once approved and confirmed by the NCUA, administrators can add users and grant application access. As part of the process, the administrator will be granted access to NCUA Connect to access the Admin Portal application. Administrator requests should be submitted to NCUA’s technical support team at OneStop@ncua.gov.
For CAPRIS, multiple common-bond federal credit unions should have received an email from CAPRISAdmin@ncua.gov with information to set up a credit union administrator. If you have not received the email or have general questions, please contact CURE at CAPRISInfo@ncua.gov.
For MERIT and DEXA, credit unions are encouraged to wait until they are notified of their first exam in MERIT before requesting and obtaining access, as there is no information specific to those organizations in the system until that time. Further, as part of enhanced security, user accounts are locked after a period of inactivity, and user access would need to be restored once notified of an upcoming examination.
To prepare credit unions for the transition to these new systems, the NCUA will provide credit union user training through various avenues, including:
- A self-paced training curriculum covering MERIT functionality available through the NCUA’s Learning Management Service;
- An instructional guide describing the Admin Portal functionality to manage users for your credit union and explaining how to access NCUA Connect;
- User guides, FAQs, and support materials for MERIT and DEXA can be found at: Enterprise Solution Modernization (ESM) Program | National Credit Union Administration (ncua.gov);
- A CAPRIS Federal Credit Union Users Guide with detailed steps to access and use the system will be posted on the NCUA’s website. (The guide will also be available in the Help section of the CAPRIS application); and
- Live webinars with question and answer sessions, available by registration. More details about training sessions for MERIT and CAPRIS and how to view them will be announced as soon as they are available.
The NCUA implemented a central user interface, known as NCUA Connect, where credit unions can securely interact with the NCUA. NCUA Connect is the primary entry-point to access MERIT, DEXA, CAPRIS, and the Admin Portal. The agency anticipates, however, adding more applications in the future to provide a streamlined user experience through a single point of entry for NCUA systems.2
NCUA Connect provides additional system security by authenticating and authorizing users with layered security and multifactor authentication during the log-in process. It also provides role-based access to applications.
The Admin Portal application provides confirmed, delegated credit union administrative users the ability to manage user access to NCUA Connect and NCUA applications for their organization, including adding new users, removing obsolete users, and resetting passwords.3
Consumer Access Process and Reporting Information System (CAPRIS)
The NCUA will be replacing its 21-year-old Field of Membership Internet Application (FOMIA) with the new Consumer Access Process and Reporting Information System (CAPRIS). Multiple common bond federal credit unions will use the enhanced system to submit field of membership expansion requests electronically.
Easier to use than FOMIA, CAPRIS will make adding occupational and associational groups more efficient. The NCUA will collect the same information, but CAPRIS provides an updated platform to collect that information. CAPRIS offers:
- Easier navigation;
- The ability to upload supporting documents; and
- Improved security features, including two-factor authentication and no shared credentials.
As CAPRIS is scheduled to begin operation on August 16, 2021, the current FOMIA application will be unavailable after August 12, 2021 to accommodate the transition to the new system. If you need to submit a field of membership expansion request between August 13 and August 15, you may forward your request to email@example.com.
If you receive an error message when using CAPRIS, please contact the NCUA at OneStop@ncua.gov.
Modern Examination & Risk Identification Tool (MERIT)
MERIT is the NCUA’s new examination tool with enhanced, integrated analytics that provide examiners with modernized visualizations to identify trends and potential risks in credit unions.4 MERIT gives examiners the ability to document examination results, generate the report issued to the credit union, and formally follow up on examination concerns. Additionally, the new application allows the NCUA and SSAs to work jointly together on examinations, reducing redundancy, increasing efficiency, and improving communication.
MERIT also offers an avenue for examiners to securely interact with credit unions and streamline the examination process. Some changes credit union MERIT users can expect to see include:
- Receipt of document request lists, also known as “surveys”;
- Electronic delivery of examination reports; and
- Examination concerns tracking and response workflows.5
Document Request List Surveys
MERIT allows credit unions to securely transfer documents to the NCUA and SSA exam team, as applicable, through the system’s “survey” functionality. Examiners can send a document request list (survey) through MERIT rather than through other manual or electronic means, thus improving the efficiency of the document request process. After logging into NCUA Connect and opening MERIT, authorized credit union users can respond to the survey, attach requested documents, provide supporting comments to specific line items, and securely send the survey back to the examination team.6 Document request surveys are organized by risk area and can also be delegated to other credit union users to help fulfill these examination requests.
Additionally, users can generate several survey inventory reports. Through these reports, users can see historical MERIT survey requests, open the survey form, and view all related documents and comments provided to the examiner.
Electronic Delivery of Examination Reports
MERIT allows examiners to securely send examination reports to credit union management at the conclusion of the exam.7 Authorized staff and officials may access MERIT and download the examination report from their dashboard, providing an easy and efficient way to access official reports. MERIT also retains a history of reports, allowing credit unions to view and download historical reports sent through the system, as needed.
Examination Concerns Tracking & Response Workflows
MERIT offers an electronic solution whereby credit unions can track outstanding concerns, document resolution progress, and send updates to the examiner. Further, credit union users can formally request due date extensions through MERIT if additional time is needed to correct the examination concern. These enhancements create more formal follow-up processes, document communications between the credit union and the examiner, and provide greater transparency in the examination process.
Data Exchange Application (DEXA)
DEXA is a separate application available on NCUA Connect used strictly as an ingest tool that provides authorized NCUA, SSA, and credit union users the ability to securely upload the credit union member loan and share data requested during the examination and supervision process.8 DEXA provides users with a history of file uploads as well as data validation reports for any files failing the upload process.9
To minimize the impact on credit unions and data processing vendors, DEXA utilizes the same data schema outlined in NCUA Letter to Credit Unions, 03-CU-05, Expanded AIRES Loan and Share Record Layout, which has been in use for many years.
The most notable change with the use of DEXA is the implementation of new, required loan and share mapping files that help facilitate data visualizations for examiners. These mapping files document the credit union’s individual loan and share type codes, if used, to a standard set of categories. The categories are similar to the 5300 Call Report fields used for loans and shares.10
Information security is a top priority for the NCUA. The overall system design, configuration, and management processes implemented during the modernization process align with industry standards and best practices, with great care being taken to protect sensitive information such as personally identifiable information.
The NCUA’s modernized systems are built on infrastructure that is thoroughly reviewed and ultimately certified by the Federal Risk and Authorization Management Program (FedRamp) “cloud” security certification process. Significant emphasis was placed on technical controls including, but not limited to, denial of service mitigation and multi-layer encryption of information in transit between users and the applications, as well as at rest.
Furthermore, the agency implemented strong administrative and physical controls including, but not limited to, rules of behavior, physical and personnel security, configuration management control, and routine security training.
As a federal agency, the NCUA must also comply with security standards for federal information and information systems, including all National Institute of Standards and Technology (NIST) standards and guidelines, Office of Management and Budget policies, and federal laws, such as the Federal Information Security Management Act. Additional information on the standards and controls that govern NCUA’s collection of examination and supervision information can be found on the agency’s website.
Please contact the NCUA’s Office of Business Innovation at BIMail@ncua.gov or the NCUA’s Office of Credit Union Resources and Expansion at CUREMail@ncua.gov if you have questions about the implementation of these new tools.
Todd M. Harper
1 CAPRIS will be used by multiple common-bond federal credit unions to request field of membership expansions.
2 Credit unions and state supervisory authorities can continue to use current methods, log-in names, and passwords to access other NCUA applications, like CU Online, until those systems are modernized and added to NCUA Connect.
4 MERIT replaces AIRES, a 25-year-old legacy application. The financial analytics combine several data resources together, including the Call Report data and trends data over time.
5 For the NCUA, examination concerns include Documents of Resolution and Examiner’s Findings. For SSAs, this includes similar actionable items outlined in examination reports.
6 All documents stored with the examination record will follow the NCUA’s approved records retention schedules.
7 For NCUA examinations conducted in MERIT, credit unions can expect to see a new report format, including updated organization and key ratios.
8 Authorized users include NCUA and SSA staff and approved credit union users. There is no data stored in DEXA.
9 DEXA file compatibility testing is available for credit unions and data processing vendors by submitting test loan and share download files to the NCUA’s Office of Business Innovation. Vendors seeking to submit a loan and/or share file to the NCUA for testing can email BIMail@ncua.gov. More information can be found on the DEXA webpage of www.NCUA.gov.