The Division of Credit Unions has published Bulletin B-16-02, which establishes their exam focus for 2016.

The bulletin lists four focus areas for 2016:

Cybersecurity
This goes hand-in-hand with NCUA’s focus of cybersecurity risks. The DCU hired Security Compliance Associates (SCA) to assist them in performing IT security examinations. The main differences that credit unions will see in the Division’s 2016 IT security program are: (1) More onsite IT exams will be performed; (2) More IT exam hours will be devoted to each examination; (3) Cybersecurity will be the IT exam focus; and (4) Examiners will stress the importance of credit unions completing the FFIEC cybersecurity self-assessment tool.

Interest Rate Risk
Examiners will closely evaluate each credit union’s IRR management program and its balance sheet composition to determine whether IRR levels are too high. Examiners will consider these main factors when evaluating a credit union’s overall IRR level and its IRR management program: (1) The current and projected levels of net income and net worth; (2) The ability of management, including the board of directors, to manage and control IRR; (3) The ability of staff and management to accurately measure and assess IRR exposure; (4) The credit union’s current IRR trend; and (5) Whether the credit union’s asset liability management (ALM) and IRR strategies and practices are consistent with anticipated market interest rate changes and board approved IRR tolerance limits.

Performing Comprehensive and Effective Due Diligence Over New Program Offerings and Vendors
Examiners will evaluate whether credit unions have strong procedural guidance and programs in place to ensure that satisfactory due diligence is performed on new program offerings and over its vendor management. It is important that credit unions develop and implement new programs which minimize operational and financial risks while keeping the credit union productive and profitable.

Examiners will closely review new program offering, especially new lending programs, to assess whether risks are properly managed and controlled. Examiners will also evaluate whether satisfactory due diligence is performed on new vendors and whether effective vendor oversight is performed on an ongoing basis.

Consumer Protection Law Compliance
The Division plans on scheduling at least six separate compliance examinations in 2016 at credit unions with total assets over $500 million. Examiners will continue to evaluate the following compliance areas during these exams: (1) The effectiveness of the overall compliance management program; (2) The compliance program’s ability to detect and self-correct problems; and (3) The credit union’s timeliness in implementing new regulatory compliance requirements. This is in addition to examining compliance with the new TILA- RESPA integrated disclosure requirements, the Servicemembers Civil Relief Act, and other specific consumer compliance regulations.

Compliance examination work will also be performed during regularly scheduled safety and soundness examinations. Examiners will focus on the following areas during these exams: (1) The overall effectiveness of the compliance program, given the credit union’s asset size and product offering; (2) BSA/OFAC; (3) The new TILA-RESPA integrated disclosure requirements; and (4) Banking licensed marijuana industry businesses. Other compliance areas may be examined, depending on the risk profile of the credit union.

http://www.dfi.wa.gov/sites/default/files/credit-unions/bulletins/B-16-02.pdf