Skip to main content
United States flag An official website of the United States government
Show

Lessons Learned - Postmortems and Material Loss Reviews

Disclaimer

This document summarizes and analyzes the weaknesses believed to have caused certain credit unions to fail over a recent 5-year period and identifies some leading practices credit unions may consider in their own operations to avoid similar problems. While the NCUA believes the observations and leading practices in this document might have addressed or eliminated problems in these cases, each credit union failure involves unique circumstances. Thus, implementing one or more of the practices in this report may not prevent a future credit union failure. Even if a credit union takes actions consistent with these practices, NCUA examiners will review the practices and assess the credit union’s strengths and weaknesses as they would in any examination. The practices are general guidance, advice, and suggestions that are not intended to create new, binding requirements or to supersede existing requirements.

The NCUA takes reasonable measures to ensure the quality of the information contained in this document, but it makes no warranty, express or implied, nor assumes any legal liability or responsibility for the accuracy or effectiveness of the information or practices discussed, nor does it represent that the use of the information and practices would not infringe upon privately owned rights.

Background

When a credit union fails, a postmortem or material loss review (MLR) may be performed to:

  • Determine and analyze the causes of credit union failures which result in losses to the National Credit Union Share Insurance Fund (Share Insurance Fund);
  • Identify improvements in early detection and mitigation of problems before they result in a loss to the Share Insurance Fund;
  • Assess the strengths and weaknesses of the NCUA’s various supervision and risk management policies and programs; and
  • Develop recommendations to improve the NCUA’s programs and training.

Postmortems and MLRs highlight what policies, procedures, and practices the NCUA can strengthen, enhance, or emphasize to avoid similar credit union failures and Share Insurance Fund losses. The goal is to learn from the past and continually improve the NCUA’s regulatory and supervisory approaches.

The NCUA’s Office of Examination and Insurance (E&I) reviewed postmortems from 2015 to 2020 and MLRs from 2016 to 2021.1 This report summarizes the weaknesses that led to the failures. The focus of this paper is not on the supervisory efforts of the NCUA or any state supervisory authority for the failed credit unions, as these efforts are covered by the postmortems and MLRs themselves. Rather, the focus is on what insights this information may provide for credit union boards of directors and senior management to help them avoid the problems that led to the failure of the credit unions covered in this report.

Causes of Failures

Ineffective Management or Lack of Oversight

  • Of the 16 postmortems and MLRs reviewed, 15 cited ineffective management or lack of oversight as a contributor to the credit union’s failure.
  • The following common weaknesses were noted:
    • Supervisory Committee
      • Lack of compliance with annual audit requirements.
      • Lack of periodic review of credit union operations to ensure compliance with policies and regulations.
      • Lack of follow-up on audit findings.
      • Unacceptable verification of members’ accounts.
    • Board of Directors
      • Failure to require sound underwriting and controls over the credit union’s lending function.
      • Inadequate involvement and oversight.

Fraud

  • Of the 16 postmortems and MLRs reviewed, 13 cited fraud as a contributor to the credit union’s failure. Almost every fraud instance was due to insider fraud.
  • The failed credit unions with fraud as a contributor lacked practices that deter fraud such as:
    • Strong internal controls.
    • Periodic review of internal controls.
    • Consistent enforcement of internal controls.

Poor Internal Controls

  • Poor internal controls were cited in 12 of the 16 failed credit unions reviewed.
  • As mentioned previously, poor controls can increase the risk of fraud, but poor controls can also allow errors, policy violations, and material misstatements of financial activity to go unnoticed.

Credit Risk

  • Of the 16 postmortems and MLRs reviewed, credit risk was a contributor to failure of four credit unions.
  • Weaknesses observed in these instances include:
    • Weak lending practices resulting in poor loan quality, such as granting loans without adequate underwriting to borrowers with poor credit histories.
    • Failure to manage the credit risk, including failure to perform timely and consistent collections or charge-offs and repeatedly giving loan extensions month after month on the same loans.
    • Poorly implemented new loan programs, such as implementing a new loan product without properly tailored underwriting, collections, controls, and oversight.
    • High loan concentrations such as high loan concentrations to a single borrower or household or high loan concentrations to a single industry.

Leading Practices

Credit Union Officials and Management

Officials (Board of Directors and Supervisory Committee)

  • Attend all board and committee meetings unless missing one cannot be avoided.
  • Be active in the oversight of the credit union.
  • Be willing to step-in to perform daily oversight functions as needed in credit unions with limited staff.
  • Assess the performance and oversight of the supervisory committee and make appropriate changes as necessary.

Credit Union Management

  • Hire qualified personnel to manage the credit union and oversee its daily operations.
  • Conduct a background and suitability review of each employee (i.e., individual’s ability to be bonded, credit check, etc.) prior to employment.

Board of Directors2

  • Set performance standards for the Chief Executive Officer or manager of the credit union and evaluate performance against these standards annually, at a minimum.
  • Review and approve key policies and procedures annually to ensure that the policies remain applicable to the credit union’s evolving operations.
  • Be proactive in requesting the necessary information from the credit union management team to thoroughly understand the performance of the credit union.

Supervisory Committee

  • Set the audit priorities and audit program for the credit union.3
  • Assign a risk level to the different operations within the credit union (for example, low, medium, and high). Operations that carry a high risk should be audited more frequently, while operations that carry a low risk can be audited less frequently. The risk assessment itself should also be audited and adjusted according to the findings of the audit.
  • Track audits scheduled, the responsible party for each area under review, and audit findings. Ensure audit findings are resolved timely and effectively.
  • Vet an external auditor’s qualifications and independence before selection and periodically thereafter. Oversee the auditor’s ongoing performance.

Operations and Policy

Training

  • Provide initial and ongoing training that is relevant to each employee’s job function.
  • Track training provided to officials to verify that each official receives both mandatory and continuing education training.4

Internal Controls and Segregation of Duties5

  • Provide for dual controls where warranted and segregation of duties appropriate to the size and complexity of the credit union.
  • Provide for a system of dual controls and audit of each key operating area.
  • Have clearly documented policies and procedures to ensure dual controls are in place where necessary. Train the individual providing the second level of control and ensure the individual is informed of the function he or she serves.
  • Implement an audit program to test the effectiveness of the controls and segregation of duties. The audit program should also review the policies and procedures to ensure they are appropriate for the level of complexity within the credit union.6

Early Fraud Identification and Prevention7

  • Be alert to the signs an employee exhibits when he or she is either struggling to make ends meet or living beyond his or her means. Both instances can be a red flag to potential fraud.
  • Implement a reasonable system of internal controls and audit program to deter fraud.
  • Institute dual controls to alleviate the potential for one person to make changes to the accounting system without supervision or validation from another employee.
  • Establish a policy that requires credit union employees take a minimum number of consecutive days off.

Recordkeeping

  • Staff the credit union properly to ensure adequate oversight is achieved.
  • Perform account reconciliations under dual control - one employee prepares the reconciliation and another employee reviews and approves the reconciliation.
  • Administer maintenance to accounts under dual control. For example, the employee making the investment trades should be different from the person who receives delivery of the investments and reconciles the investment portfolio.
  • Verify the account reconciliations are performed timely.

Controls over Accounting

  • Contact the credit union’s operating system vendor to require two different user IDs be required in material transactions.
  • Incorporate dual controls into as many operating activities as possible. This may require cross-training of employees in different areas of the credit union to have a second point of view on the process.
  • Require additional controls for higher risk operations.

Lending

  • Ensure policies and procedures are appropriate for the size and complexity of the credit union’s operations.
  • Use the lending policy to define who has the authority to approve loans and at what threshold.
  • Set standards and requirements for approving employee and insider loans that are separate from those used to approve member loans.
  • Establish lending limits based on asset size, lending complexity, and risk tolerance.
  • Set internal concentration limits based on the credit union’s individual needs, including for loan modifications and indirect lending. Vet, approve, and monitor the performance of any dealerships used for indirect lending.
  • Seek to maintain a reasonable level of diversification for the loan portfolio.

Resources and References

  • Federal Credit Union Act
  • NCUA Rules and Regulations
  • Credit Union Resources and Expansion: The Office of Credit Union Resources and Expansion supports credit union growth and development. This includes providing online training and resources for credit unions.
  • Fraud Prevention Resources: This section of the NCUA’s website provides credit unions with resources for deterring, detecting, and responding to insider fraud and external fraud, reporting suspected fraud to the NCUA, among other fraud resources.
  • NCUA’s Examiner’s Guide: The Examiner’s Guide provides guidance to the NCUA exam staff on regulations and exam procedures. Each section of the Examiner’s Guide focuses on a specific topic, providing background information and outlining any related regulatory and statutory requirements.
  • Other Supervisory Committee Audit Minimum Procedures Guide: This guide published by the NCUA provides the minimum procedures to perform when a supervisory committee is permitted to choose the Other Supervisory Committee Audit option for completing its annual audit requirement under NCUA Rules and Regulation Part 715 - Supervisory Committee Audits and Verifications.8
  • Letters to Credit Unions and Other Guidance: This section of the NCUA’s website provides guidance and other information to the credit union system on regulatory and supervisory matters, trends affecting credit unions, and potential risks and threats.
  • Manuals and Guides: This section of the NCUA’s website provides manuals with guidance for credit unions to strengthen their compliance with the NCUA’s regulations and those from other agencies.
  • NCUAchannel: The NCUA’s YouTube channel which contains videos of NCUA webinars, NCUA Board meetings, and NCUA Board appearances.

Footnotes


1 The review range for postmortems and MLRs differs because the 2021 failures did not require postmortems. There were seven failures in 2021. Six of the failures had aggregate estimated losses of $3.2 million at the time of failure, with an average estimated loss of $400,000. None of these six failures had losses that exceeded the $2 million threshold requiring a postmortem. The seventh failure had losses totaling $2.2 million and is included in the Office of Inspector General’s (OIG) MLR subset within this report.

2 NCUA Letters to Federal Credit Unions, 11-FCU-02, “Duties of Federal Credit Union Boards of Directors” (February 2011). Available at https://ncua.gov/regulation-supervision/letters-credit-unions-other-guidance/duties-federal-credit-union-boards-directors

3 NCUA YouTube Channel. Supervisory Committee 2 – Monitoring Management Activities; NCUA Examiner’s Guide. Supervisory Committee Chapter; and NCUA Learning Management System. Supervisory Committee Responsibilities.

4 See 12 CFR 701.4(b)(3). Duties of Federal Credit Union Directors and 12 CFR 701 Appendix A, Article VI, Section 6(d). Board Responsibilities.

5 NCUA Examiner’s Guide. Credit Union Operations: Internal Controls.

6 12 CFR 715.3. General Responsibilities of the Supervisory Committee.

7 NCUA’s website. Fraud Prevention Resources

8 12 CFR 715.7. Supervisory Committee Audit Alternatives to a Financial Statement Audit.

Last modified on