NCUA’s Supervisory Priorities - A Look at What to Expect in 2026
If you haven’t had the opportunity to go through NCUA’s Letter to Credit Unions 26-CU-01 (the “Letter”), then you should know that many of the same areas of focus for examiners that were on the list for 2025 continue into this year. That said there seems to be a bit of a shift to heightened safety and soundness oversight this year. The focus on credit, liquidity, and operational risks seem to indicate NCUA’s concern for potential challenges for credit unions in the year ahead. Also featured prominently as opposed to previous years, is the NCUA’s focus on BSA/AML/CTF compliance.
Based on the focus areas highlighted in the Letter, below are some considerations to support alignment with NCUA’s expectations. Clearly these are not comprehensive, and each credit union will need to assess what may be required or appropriate for its own operations based on the letter.
Balance Sheet Management (Lending; Sensitivity to Market Risk and Liquidity; Earnings and Capital Adequacy):
What is clear is that lending quality, interest rate risk and liquidity resilience, and the strength of earnings and capital remain strong enough to absorb rising stress. In its letter, NCUA indicates that credit union loan performance is weakening and indicating increased stress in loan portfolios because of increased delinquencies and charge-offs. NCUA states it has not been this high “in an over a decade.”
Lending
• Ensure loan policies are being followed, and if there are exceptions, document the rationale(s) clearly.
• Ensure that workout and loss mitigation programs are well documented and consistently applied.
• Monitor for trends in delinquency and charge offs, renewals and escalate concerns, as necessary.
• Tighten due diligence and ongoing monitoring of indirect and third-party lending relationships.
Sensitivity to Market Risk and Liquidity
• Ensure stress testing scenarios reflect current rate and liquidity conditions.
• Verify that the credit union’s contingency funding plan is updated to reflect current balance sheet conditions; identifies available funding sources; provides clear executable actions; and steps that can be carried out immediately if needed.
• Ensure policies are monitored and updated to reflect the credit union’s current risk appetite and market conditions.
Earnings and Capital Adequacy
• Ensure earnings-related strategies, practices, and policies are aligned.
• Verify and confirm that stress tests are performed, documented, and retained.
• Ensure policies reflect current economic and portfolio conditions.
• Monitor and track any corrective actions.
• Review and document capital planning process and ensure it aligns with risk profile.
• Ensure risk assessments align with capital needs.
• Document board oversight.
Operational Risk Management (Payment Systems; Fraud Prevention and Detection):
The Letter indicates that examiners will want to ensure that the credit union has controls in place to prevent errors, fraud and service disruptions.
Payment Systems
• Review/update payment system controls to ensure that appropriate authentication, dual controls, and monitoring are in place.
• Ensure effective monitoring is in place to detect errors, fraud, and unusual activity.
• Review procedures for vendor oversight to ensure they are current, clear, and consistently followed.
Fraud Prevention and Detection
• Ensure strong monitoring and alerts to identify unusual and/or suspicious transaction activity.
• Review internal controls and separation of duties procedures and processes for gaps that could create opportunities for fraud.
• Conduct periodic updates and testing of fraud prevention processes and safeguards to keep them up to date and effective.
BSA/AML/CFT Compliance Programs:
NCUA wants to make sure credit unions keep their BSA/AML/CFT compliance programs up-to-date and solid enough that they can effectively detect and address current financial crime risks.
• Ensure the credit union’s BSA/AML/CFT risk assessment, policies, procedures/and related processes are up-to date.
• Review and update monitoring and surveillance systems to ensure they effectively detect and escalate suspicious activity.
• Review, supplement, and update training to align with changing risks and requirements.
Questions? Comments? Reach out to compliance@americascreditunions.org