Ten days ago I received a positive comment on a post. I asked what aspect spoke to the writer.
In return the CEO Joy Peterson of Bessemer System FCU, Grenville, PA sent an article written earlier that she hoped to publish in the credit union press.
I read it. Her voice is authentic; her coop commitment lifelong; and her frustration with the regulatory environment, clear.
In her lament, I hear echoes that concern many about leaders in Washington, especially those in positions of authority.
I suggested she add recommendations to her critique. She did. They are in the second part of this blog to be presented tomorrow. Here is part I.
From Joy Peterson:
As a lifelong accountant, my Dad had a sign hanging in his office that said “Auditors are the ones who come in after the war to bayonet the wounded”. His clients would all chuckle at the sign and nod in agreement. As a child, I didn’t quite understand the meaning. As the CEO of a small credit union, I understand completely. Our regulator, NCUA can be thought of as the auditor in the equation. It’s quite possible that FDIC and CFPB are members of the same group although I don’t have enough direct contact with them to speak to them specifically.
Membership Growing, Credit Unions Declining
At the end of 2013, there were 6,554 Federally insured credit unions in the U.S according to ncua.gov statistics. By the end of 2021, the number had declined by an astounding 1,612 to 4,942. During that same time period, the number of credit union members actually increased from 96.3 million members to in 2013 to 129.6 million members in 2021. Since the membership numbers grew, it seems evident that the decline in the number of credit unions is not due to consumer dissatisfaction.
What then, does explain the loss of so many credit unions at a time when Americans are searching for value and safety in the financial industries? Even with fewer credit unions to choose from, 129.6 million Americans still seem to find solace in member-owned financial services. Evidently, they still believe in the prospect of pooling their money for the good of all of the members that make up their charter. Based on results, our regulator doesn’t hold that same high opinion of Federally insured credit unions and their mission of service.
Serving NCUA, Not Members
I’ve been a lifelong member of my credit union and an employee since 2001. In that time, I’ve seen substantial regulatory changes in my credit union as well as the industry as a whole but none as significant and harmful as the ones I’ve noted from 2013-2022. Our members are not being served by their credit unions. Instead, our credit unions are serving NCUA.
Based on the numbers, many have been unable to continue to do so successfully. Some have been dissolved involuntarily and many others have been “encouraged” to merge in order to fulfill NCUA’s crushing requirements for what is deemed to be “safety and soundness.”
It seems NCUA would much rather provide oversight to a few giant credit unions than have to provide guidance and oversight to thousands of us little guys. Is that really what the millions of members of both small and large credit unions want? Do our members really understand that there will come a time when belonging to a credit union is no different than being an account holder with Bank of America or Wells Fargo as their individual control over their financial institution is being diluted at a record pace?
The Compliance Burden: Boards as Scapegoats
Today, trying to comply with NCUA’s ever growing list of compliance requirements is like trying to herd cats. Are those requirements making credit unions safer and more productive and efficient? Based on the numbers, the answer is a very clear and unequivocal NO.
Each NCUA audit results in additional requirements for volunteer board members and supervisory committee members. These completely uncompensated volunteers are now expected to review employees’ accounts, verify the vault, balance the checking account, review corporate accounts, attend meetings and training on Bank Secrecy and on and on and on.
When volunteers resign in frustration, NCUA demands they be replaced. Replacing volunteers encumbered with such overwhelming responsibility is becoming nearly impossible. Not only are they not compensated, they frequently aren’t even able to receive some of the benefits the rest of the membership are granted like the waiving of fees for an incidental overdraft or a request for a stop payment.
They are reminded with every NCUA contact of their culpability for any insider fraud or failure to mitigate risk appropriately. Rather than volunteers, they are becoming potential scape goats for NCUA. In order to rope in replacements, we have to overstate the “service to your community” aspect and seriously understate the actual responsibility of it all.
The Big Three DP Monopoly
Beginning around 2014, NCUA started a nearly constant drumbeat regarding “Vendor Due Diligence”. We are cautioned on the growing threat of losses caused by the numerous outside vendors we use for everything from data processing to corporate account services to network security.
We chase our tails trying to verify these vendors are properly insured and sustainable and are abiding by regulatory requirements in terms of security. We make lists and check boxes and retrieve SOC I and II reports. We even hire other vendors to help us keep track of us monitoring our vendors. We spend thousands upon thousands of dollars and hundreds and hundreds of hours trying to make sure our vendors are safe.
In reality, small credit unions have very little choice of vendors and almost no control of their behavior, particularly in regard to information security. The Big Three data processors have become so big and so powerful. They have not only access but also control of every bit of our members’ financial information.
They refuse to provide security audit information on the pretense that doing so would compromise their own security. They refuse to return our data without hundreds of thousands of our members’ hard-earned dollars in “de-conversion fees” if we attempt to cut ties with them. They hold our data hostage and simply refuse to allow our exit until we meet their demands. Rather than a contract termination, our dissatisfaction is relegated to a hostage negotiation scenario.
Does NCUA intervene on our behalf as we attempt to comply with their demands surrounding vendors? Absolutely not. In whispers they admit that they have no oversight of these giants either.
Yet small and large credit unions alike are expected to demonstrate that we are overseeing these bullies. The really large credit unions at least have the benefit of the substantial sums they pay to these vendors to use their leverage to obtain Service Level Agreements when signing contracts.
Small credit unions like mine have no such advantage. The Big Three don’t care what I demand in terms of service on behalf of my members. When their shoddy security practices put my members’ information at risk, they shrug their shoulders and basically dare me to find an alternative.
Rather than contrition and embarrassment regarding their failure to maintain adequate security against current threats, these Fortune 500 companies threaten legal action for disclosing their rookie mistakes. They aren’t sorry they failed to use their superior security resources to provide superior security. They are only sorry we found out about it and demanded that we deserve better.
End part I.
Part II tomorrow, includes a recent additional concern and six recommendations for improving the regulatory relationship.