Threats, Regs Swirl Around CUSOs, NCUA Urges Risk Hedging
LAKE BUENA VISTA, Fla. — Making the trek down to Disney World, NCUA Board Member Rick Metsger said he was looking forward to a break from the political grind that can sometimes grip the nation's capital city.
“Now that I’m living inside the beltway, I welcome the opportunity to be in the happiest place on earth instead of in Washington, the unhappiest place on the earth,” Metsger told a packed room at the National Association of Credit Union Service Organizations’ annual conference last week at the Disney Yacht & Beach Club Resort.
“Quite frankly, I’m also glad to be in a city with a bigger Mickey Mouse operation than Washington,” he quipped.
The April conference marked several milestones for NACUSO. First, the Newport Beach, Calif.-based advocacy organization is celebrating its 30th anniversary this year and secondly, after 28 years of holding its annual gathering in Las Vegas, this was the first time the confab made its way to Florida. More than 450 attendees turned out for the meeting.
It seemed that nearly all of them were in the room when Metsger, the NCUA's newest board member, spoke on the challenges and opportunities CUSOs are now facing in an evolving regulatory environment.
Credit unions are certainly in a better place thanks to a boost in membership, assets, loans and net worth and a drop in delinquencies, foreclosures and the number of troubled and failed credit unions, Metsger noted. The rebound in private sector jobs, a decline in unemployment and GDP growth has also helped the industry emerge from the Great Recession, he added.
“The problems we faced during the most recent financial crisis were not the same problems we faced in 1987 or during the high interest rates of the late 1970s or during the Great Depression or the crisis of 1812 or any other financial crisis,” Metsger said.
Because it's more difficult to predict the future than it is to analyze and understand the past, he pointed out, the NCUA is encouraging the industry to hedge risk and prepare for any multiple and adverse scenarios.
Metsger said among those emerging risks are cybersecurity, which was a hot topic at NACUSO's conference, with many of the guest speakers touching on its growing financial impact.
“Our world is more interconnected than ever before, technology changes rapidly and this new challenge is a serious concern for both credit unions and the NCUA,” Metsger said. “All of us in the credit union community have probably been living under a false sense of security in the past because credit unions tended to be late adopters of new technology and because traditional cybercrooks focused on larger and more profitable targets.”
With the help of CUSOs, credit unions are much more technologically advanced and connected than they were in the past, said Metsger. The downside of that interconnectedness is the industry is just as vulnerable to cyberthreats and cyberterrorism as much bigger institutions such as Bank of America, he warned.
“CUSOs, like Target's vendor, can also be a source of cybersecurity attacks and that is why the NCUA wants to make sure that both credit unions and CUSOs are properly guiding access to their systems,” said Metsger.
Still, CUSOs and other financial intermediaries can help credit unions find cost-effective solutions to security problems that might be too daunting or expensive for any individual credit union to solve on its own, he pointed out.
As Metsger shifted his talk to the topic of the risk-based capital rule, the air in the conference room became noticeably tense. NACUSO had criticized the proposal, saying the risk weighting of 250% assigned to investments in CUSOs is arbitrary, not supported with any empirical data and counter-productive to the collaborative risk mitigating model that CUSOs represent as a net income resource for credit unions.
Metsger said the NCUA still wants more input on whether all of the risk weightings are appropriate. However, he noted the thresholds are lower than those bank regulators put on equity investments in publicly traded companies at 300% and non-publicly traded companies at 400%.
NACUSO President/CEO Jack Antonini, who spent 30 years in the banking industry during the days of Basel I, suggested the NCUA consider bank service corporations, which are comparable to CUSOs and do not deal with risk weightings.
Meanwhile, Metsger made clear one trepidation he has about CUSO partnerships.
“Another concern I have is making sure that we do not inadvertently favor vendor relationships over CUSOs,” he said. “I understand why a credit union would rather partner with a CUSO than a vendor it has no control or relationship with.”
It's likely that affinity and what some say is Metsger's sincerity in getting to the heart of what concerns CUSOs that prompted a conference attendee to thank the NCUA board member for his accessibility.
Some of the audience's more heated questions came when the final CUSO rule was discussed by a panel from the NCUA: Pamela Yu, staff attorney in the Office of General Counsel, Regulations and Legislation; D. Scott Neat, director of supervision, Office of Examination and Insurance; and Frank Kressman, associate general counsel, Regulations and Legislation.
In November, the NCUA board finalized a rule that requires CUSOs that offer complex or high-risk services such as credit and lending, information technology, and custody, safekeeping and investment management services to report more detailed information, including financial statements and general customer information. While the rule goes into effect June 30, 2014, the reporting requirements won't start until Dec. 31, 2015, said Yu, who wrote the CUSO rule.
CO-OP Financial Services CEO Stan Hollen questioned why IT CUSOs are considered high risk, noting unlike commercial and business lending CUSOs, an IT CUSO has never been taken over by the regulator.
“While it's not systemic, the real concern is IT poses some risk because of malicious attacks,” Yu said.
Kressman said the intent is not to create unnecessary regulatory burden for CUSOs, however, the reality is the world has changed and as a result, has exposed more cyberthreats.
“In the financial marketplace, all financial institutions are using Internet-based banking systems. The concern is (IT) is an area that is perceived as a potential problem,” he explained.
Another attendee asked what would happen if Fiserv, which serves many credit unions, went out of business because of a cyberattack. Neat said since Fiserv is not a CUSO and serves banks too, it would not fall under NCUA's regulatory purview.
In his talk, Metsger said had the risk-based capital rule been in effect during the most recent financial crisis, losses to the share insurance fund would have been reduced by more than $178 million. An attorney brought up that point but also pleaded with the NCUA panelists to reconsider looking at how much it will cost CUSOs, credit unions and ultimately, members to comply with more regulations.
One attendee expressed what others in the room were probably thinking.
“If you continue to take away our ability to collaborate, you take away our ability to have capital,” he said.