Washington State Department of Financial Institutions




DCU Bulletin

Division of Credit Unions
Washington State Department of Financial Institutions
Phone: (360) 902-8701 FAX: (360) 704-6901

January 5, 2004
No. B-04-01

Changes in State's Unclaimed Property Regulations

Effective January 4, 2004, the Unclaimed Property Regulations, found at  RCW 63.29, change to require escheatment of certain abandoned property after only three years.  Previously escheatment was not required until the property was abandoned for five years.  Affected unclaimed property now requiring escheatment after only three years includes:

Unclaimed property is any intangible amount owed or held by an organization that remains unpaid or has no evidence of positive owner activity for an extended period of time. Unclaimed property does not include real estate, vehicles, and most physical property. Safe deposit box contents are the only tangible property that is reported.  Safe deposit box contents and money orders continue to have a five-year abandonment definition and payroll checks continue to be defined as abandoned after one year.

Typically credit unions determine member accounts as dormant after three years of inactivity.  As of January 4, 2004, credit unions will need to remit to the state after only three years.   This could impact the amount of fee income earned to the credit union, if dormant account fees are typically assessed.

The board minutes should reflect this change in the regulations has been discussed and that relevant credit union policies and procedures have been changed.

If training is needed by the credit union, a Department of Revenue newsletter describes workshops available.  The newsletter can be found electronically at http://dor.wa.gov/docs/pubs/ucp/UCPNewsletter.pdf.  If you prefer, you can arrange to have one of the DOR auditors provide training at the credit union.  If so, workshops and training are arranged by writing to UCP@dor.wa.gov

There is also a report year conversion table available at http://dor.wa.gov/docs/pubs/ucp/conversi.pdf.

Should you have further questions, please contact Jane Johnson at (360) 902-0508.

DCU Bulletin

Division of Credit Unions
Washington State Department of Financial Institutions
Phone: (360) 902-8701 FAX: (360) 704-6901

January 9, 2004  
No. B-04-02

IS & T Best Practices

Trust CC has been performing IS&T examinations under contract for the Division of Credit Unions for the past five months.  To provide information to our credit unions regarding Information Systems & Technology (IS & T) security we asked Tom Schauer of Trust CC to summarize his findings in this area for us.  This bulletin is intended to assist credit unions to improve IS&T operations by sharing some key best practices.

IS&T Security Best Practices

Management/Board Oversight.  The most security-minded credit unions regularly involve management and the Board of Directors in all information technology (IT) and information security decisions.  They routinely provide reports or schedule quarterly updates concerning risk assessment elements, equipment/software upgrades, or other changes in technology, along with the security ramifications of each.  All reports/updates are reflected in the board minutes, along with board approval, disapproval, or actions to be taken. 

  1. Policies and Procedures.  The best information security policies and procedures are those that are board approved; are detailed enough to be usable by IS&T staff, users, and management; and address all elements listed in Appendix A, 12 CFR 748.  Policies adopted from other institutions may be a good starting point but they must be tailored to the credit union’s own unique operating environment. 
  2. Virus Protection.  The best virus protection is that which is always on and is fully automated.  Automatic virus program downloads are recommended.  Those that are not fully automated should implement a manual maintenance schedule to accomplish the same thing, ensuring that every server, machine, and workstation has been updated and scanned.  Staff must be carefully trained to avoid introduction of a virus into the internal network.
  3. Risk Assessment.  A risk assessment, as outlined in 12 CFR 748, is a systematic analysis of your operating environment in which you identify foreseeable internal and external threats, assess the likelihood and potential damage of these threats, and assess the sufficiency of policies, procedures, and information systems in place to control these threats or risks.  A risk assessment is your process to ensure that your credit union has done everything possible to protect your systems—and most importantly, member data—from unauthorized disclosure, misuse, alteration, or destruction.  Some of the most effective risk assessments we have seen are simple spreadsheets with separate columns for Threat, Likelihood of Occurrence, Potential Impact, Mitigating Controls, and Conclusion.
  4. Patch Management.  News stories are frequently aired about security weaknesses or vulnerabilities on various operating systems, such as Windows 2000, XP, Solaris, or UNIX clones.  Viruses and worms are successful because they exploit vulnerabilities, which have been identified but that system administrators have simply failed to close with available tools.  Closing these vulnerabilities is becoming exceedingly simple, through patch management.  Secure credit unions have instituted regular and routine review and installation of released patches.  These credit unions have either automated this process or set up a regular maintenance schedule, which includes Windows Updates or similar program updates in other operating systems.  Microsoft’s patch management guidelines are at www.microsoft.com/security.


Information security is everyone’s responsibility, and a strong information security program will help ensure that your member information is protected.  In 12 CFR 748 and the FFIEC Information Security Handbook, you will find the tools available to accomplish this.  If you review these and implement their guidelines, you will have the confidence that your critical information is secure. 

Questions about these changes may be directed to Doug Lacy-Roberts at 360-902-0507 or Mike Delimont at 360-902-8753.


DCU Bulletin

Division of Credit Unions
Washington State Department of Financial Institutions
Phone: (360) 902-8701 FAX: (360) 704-6901

February 26, 2004  
No. B-04-03

Department Adopts Final Guidance on
Overdraft Protection Programs For Credit Unions and Banks 

On February 26, 2004 the Department of Financial Institutions (Department) adopted final guidance on overdraft protection programs for Washington state chartered financial institutions.  Enclosed is a copy of Guidance and Best Practices.

The Department thoroughly reviewed the approximately 20 comment letters/documents from credit unions, banks, trade organizations, vendors, and consumer groups in response to the draft guidance.  After careful consideration of all comments, the guidance was finalized.

The guidance sets expectations for discretionary overdraft protection programs with:

  1. Flexibility for financial institutions to offer this service in a responsible manner; and
  2. Protection for consumers through better disclosures about the program, timely notification of fees and charges, and clear information when the account will become overdrawn.

Please direct any questions about the Guidance and the Best Practices to Division of Credit Unions (360) 902-8701 or e-mail questions to comments@dfi.wa.gov

State of Washington

Department of Financial Institutions



February 26, 2004

Table of Contents


Page No.





Customer Education  



Advertising/ & Marketing   



“Automatic Eligibility”     



Internal Decision-Making Policies



Notification & Terms of Overdraft Protection   



Disclosure of Balance



ATM Cash Withdrawals  






Notification of Overdrafts     



Amount and Disclosure of Overdraft Fees     . . . . . . .



“Dollar Limits” of Overdraft Protection Programs   



Pay/No Pay Decisions    



Order of Payment of Overdrafts



Suspension of Overdraft Protection



Third Party Vendors



APPENDIX:  Definition of Overdraft Protection Programs



1.0 Introduction

On June 18, 2003, the Department of Financial Institutions (DFI) issued an examination by questionnaire to Washington state-chartered financial institutions[1] regarding their use of Overdraft Protection Programs[2].  After compiling the results of the Examination Questionnaire, the Department found that, in general, state-chartered institutions have acted reasonably and responsibly when offering Overdraft Protection Programs.  However, there are some areas where these institutions can improve.

What is Guidance? The following Guidance provides what the Department views as features of an Overdraft Protection Program that are safe and sound, and provide adequate consumer protection.  While the Guidance does not have the force of law, it expresses the Department’s view of what each state-chartered institution should strive to achieve.

What is a Best Practice? We have also provided with this Guidance some examples of Best Practices by Washington state-chartered institutions.  A Best Practice is a positive example for state-chartered institutions that addresses certain issues of an Overdraft Protection Program.  The Best Practices outlined below reflect actual practices of certain institutions – not hypotheticals.  In some instances, the Best Practices may exceed the standards set forth in the Guidance.

The Department expects financial institutions to consider the Guidance when developing and maintaining Overdraft Protection Programs.  In addition, the Department believes the Best Practices may help foster even greater responsibility to the public in the offering of Overdraft Protection Programs.

Please direct any questions about this Guidance and the Best Practices to Division of Banks (360) 902-8704 or Division of Credit Unions (360) 902-8701 or e-mail questions to comments@dfi.wa.gov

2.0 Customer[3] Education

2.1 Guidance

2.1.1 Customer Education.  DFI encourages institutions to inform customers of the risks and consequences of relying on this product, and the costs and benefits of various alternatives for short-term customer borrowing (e.g., transferring from savings, lines-of-credit, and credit cards).   

[1] The word “institution” is used interchangeably for a bank, thrift, or credit union.

[2] The definition of “Overdraft Protection Program” is specific for this Guidance and can be found in the Appendix.

[3] The word “customer” is used interchangeably for “credit union member.”

3.0 Advertising & Marketing

3.1 Guidance

  • “No more charges from retailers for insufficient checks.”
  • “Make a mistake -- you’re covered.”
  • “Write a check or use an ATM for more than you have in the Bank -- you’re covered.”
  • “Money may not grow on trees, but here’s the next best thing.”

3.2  Best Practices

3.2.1 One institution stood out as exhibiting best practices for advertising and marketing.  The institution:

4.0       “Automatic” Eligibility

4.1 Guidance

4.1.1  Notify When “Automatically” Added to Account.  A customer should not first learn about the Overdraft Protection Program when s/he receives her/his first overdraft notification letter.  The institution should promptly notify the customer and provide full disclosure of the Program (1) when the account is opened or  (2) when the customer meets the “automatic eligibility” requirements.  4.1.2     Opt-out.  (See section 9.0.)

5.0 Internal Decision-Making Policies

5.1 Guidance

5.1.1 Consistent Eligibility Requirements.  Eligibility requirements should be consistently applied. The customer should be generally informed of eligibility requirements at account opening. 5.1.2  Fair Lending Concerns.  Even though Overdraft Protection may be exempt from the Truth-in-Lending Act (TILA), this “discretionary service” may nonetheless constitute “credit” within the meaning of the Equal Credit Opportunity Act

(ECOA), at 15 USC, section 1691a.  Moreover, if credit scoring for eligibility purposes is applied in a manner that would result in a discriminatory “effect,” an institution may face potential liability for such credit scoring, however well intentioned it may be.  Although there is nothing discriminatory about credit scoring per se, we caution institutions to be watchful of their internal eligibility procedures -- particularly because intent to discriminate is not a requisite of a “fair lending” claim.

6.0 Notification & Terms of Overdraft Protection

6.1 Guidancee

Despite some good to very good practices as noted in section 6.2, all institutions can improve upon their disclosures, both as to clarity and/or specificity of all terms.  This is true of brochures, deposit contracts and other disclosures.

6.1.1 Complete Disclosure.  There should be complete disclosure of all terms of Overdraft Protection at account set up or when the customer meets “automatic eligibility” requirements.  Disclosures should be clear, concise, easy to read, and include the following elements:

6.1.2 Deposit Contract or Rules of Account.  All terms of Overdraft Protection should be set forth in a separate section in the Deposit Contract or Rules of Account (or equivalent), both textually and in any table of contents or index.

6.1.3 Avoid Misleading Customers About Overdraft Limits.  An institution should not mislead customers about the extent of overdraft limits.   

6.2 Best Practices

6.2.1 Deposit Contract is Inadequate as Sole Information Medium.  Deposit contracts and rules are often difficult to read.  Several institutions assist customers in understanding the program by providing a brochure.  One institution provides a brochure that contains the following worthy elements in simple, lay language:

6.2.1a Distinguishes its true overdraft protection product, “Overdraft Limit” from other products such as “OD Line of Credit” and “OD Transfer Service.”

6.2.1b Repeatedly and clearly emphasizes the service is “discretionary” and not “automatic.”

6.2.1c Reminds the customer of his/her responsibility to record all balances and transactions (including check card purchases, ATM withdrawals, electronic bill payments or other automatic transactions) and to maintain sufficient funds within his/her account.

6.2.1d Provides a customer service hotline for additional information or to have the brochure explained by a customer service representative.

6.2.2 Providing Web Information.  Many institutions make good use of their respective Web sites to disclose information about Overdraft Protection.

7.0 Disclosure of Balance

7.1 Guidance

7.1.1 Available Balance.  Institutions should not include the Overdraft Protection amount in the available balance.  The available balance disclosed to the customer should be the amount the customer can withdraw without overdrawing the account, i.e. the actual balance. The customer should receive the same available balance amount no matter what service is being used (e.g., teller inquiry, ATM screen, on-line banking, debit card transaction, or telephone transfer)

8.0 ATM Cash Withdrawals

8.1 Guidance

8.1.1 Notice on Institution-Owned or -Controlled ATM Screens.  Institutions should include   a notice on their owned or controlled ATMs that the customer views prior to completion of a transaction. The notice should explain to the customer that completion of the transaction may result in an overdraft and the customer may incur an overdraft fee.  

8.1.2 Notice on Other ATM Screens.  The Department encourages institutions to inquire of their ATM service providers as to the availability of additional disclosures regarding overdraft fees on ATM screens.

9.0 Opt-Out

9.1 Guidance

9.1.1 Notice of Opt-Out Privilege at Account Set-Up.  Customers should be informed at the time they qualify for protection that they may opt-out.  Customers should be informed of the consequences of opting-out, and any alternatives to Overdraft Protection Programs.

9.1.2 Timing & Methods of Opting-Out.  Customers should be able to opt-out of the Program at any time by a clearly defined method disclosed in the deposit contract.   

10.0 Notification of Overdrafts

10.1 Guidance

10.1.1 Universal Notification.  Institutions should send written notification to the customer within one to two business days of payment of an item causing an overdraft.

10.1.2 Contents of Notification.  Written notification should include the following:  amount of overdraft(s), date of overdraft(s), associated fees, required amount to be repaid, required time of repayment, and a number to call, or a website or e-mail address to contact if the customer has questions. 

10.1.3 Follow-up Letters.  Institutions should send one or more follow-up letters when the account remains overdrawn.  The notice should contain the date by which the overdraft amount must be repaid to remain eligible for the Overdraft Protection Program.

10.2 Best Practice

10.2.1 Contact by Phone. Some institutions contact the customer by telephone the same day the overdraft occurs.

11.0  Amount & Disclosure of Overdraft Fees

 11.1 Guidance

11.1.1 Additional Charges/Interest.  These charges include daily interest or periodic fees exceeding what an institution imposes as an overdraft protection fee. [For example, charging $3 per day when the customer has a negative balance, or charging interest after 3 business days at prime rate plus two percent.]  Currently, federal regulators are reviewing whether or not such fees are finance charges and subject to disclosure under Regulation Z, 12 CFR, section 226.4(b)(2).  As a result of these concerns, DFI cautions institutions not to impose additional charges/interest over and above their Overdraft Protection Program fee.

11.1.2 Overdraft Protection Program Fees in Excess of NSF Fees.  Overdraft protection fees exceeding the amount of NSF fees may trigger finance charge disclosure requirements contained in Regulation Z, 12 CFR, section 226.4(b)(2).  As a result of these concerns, DFI cautions institutions not to impose overdraft protection fees in excess of NSF fees. 

11.1.3 Truth in Savings Disclosures. All overdraft protection fees and charges in connection with a deposit account must be disclosed in order to be in compliance with the Truth in Savings Act and Regulation DD (12 USC, section 4301 et seq. and 12 CFR, part 230.1).   [Note:  If the service is to be implemented after account opening, the notice of fees, if given at a later time, must meet all applicable notice of change requirements under such regulations.]

11.2 Best Practice

11.2.1 Maximum Daily Fee Limits.   A number of institutions have established reasonable limits on the amount of overdraft fees assessed per day.

Example:  One institution has a daily limit of four fees at $18 per overdraft item.  If the customer has six overdrafts on the same day, the institution will charge $72 total in fees ($18 times 4 items).  The items in excess of four on that same day are paid as overdrafts up to the customer’s overdraft protection limit, but no fee is charged for overdraft items in excess of four per day.  Chronic users of excessive overdrafts have their overdraft limit suspended or the checking account closed, based on the institution’s written policy in the Overdraft Protection Program disclosures.

12.0 “Dollar Limits” of Overdraft Protection Program

12.1 Guidance

12.1.1 Consistent Requirements. The amount of protection should be based on a consistent and standard set of factors.

12.1.2 Increasing Limits Based on Account Behavior.  Institutions should place reasonable initial dollar limits per account.  Increases in the dollar limits should be approved based on the customer’s ability to handle the increased limit, an analysis of account activity, and an analysis of risk.  Institutions should not raise the limits for the primary purpose of increasing the volume of NSF’s per customer account.

13.0 Pay/No Pay Decisions

13.1 Guidance

13.1.1 Consistent Objective Methods for Honoring Overdrafts.  Institutions should have consistent objective methods for their Overdraft Protection approval process, whether automated or having personnel review the transactions.

14.0 Order of Payment of Overdrafts

14.1 Guidance

14.1.1 No Change in Order.  Institutions should not change the order in which items are honored for the purpose of increasing the number of items that would overdraw an account.

14.1.2 Disclosure.  Institutions should clearly disclose to their customers the order in which items will be paid.

15.0 Suspension of Overdraft Protection

15.1 Guidance 

15.1.1 Disclosure of Grounds for Suspension.  Reasons for suspension/cancellation of Overdraft Protection should be clearly disclosed to the customer.  Such reasons may include:  failing to bring accounts to a positive balance within xx days; filing for bankruptcy protection; delinquency of a loan account; or illegal activity such as check kiting. 

15.1.2 Notification of Suspension.  Customers should be notified in writing when protection is suspended/cancelled. 

15.1.3 Consistent Application of Suspension Rules.  Rules for suspension/cancellation of Overdraft Protection should be applied consistently based on specific, identified criteria. 

15.2 Best Practices

15.2.1 Warning before Suspension.  One institution provides the following after an account has been overdrawn for five consecutive days:  a letter is mailed instructing the customer to immediately bring his or her account to good standing.  If the account is not brought to good standing within the next five days, transactions on the account will not be honored (because the Overdraft Limit will be suspended). After ten consecutive days, another letter is sent instructing the customer to immediately bring his or her account to good standing.  This letter also notifies the customer that transactions on his or her account will not be honored  (because the Overdraft Limit has been suspended). Once Overdraft Limit is suspended, it no longer appears on the periodic statement.

15.2.2 Consistent Terms for Suspension.  At some institutions if a checking account remains negative for more than 10 days, the customer is notified by letter that overdraft privileges are revoked. 

16.0 Third Party Vendors

16.1 Guidance

16.1.1 Third-Party Risk.  The Office of the Comptroller of the Currency (OCC) has previously issued guidance as to risks in dealing with a third-party vendor of Overdraft Protection, which this Department, in principle, endorses.  

16.1.1a No Third-Party Sharing of Risk/Due Diligence of Vendor.  It often appears that the arrangement an institution enters into with a vendor to participate in an Overdraft Protection Program is devised in such a manner that only the institution is subject to the credit and reputation risk, while the vendor shares the benefits (i.e., the income). Institutions should conduct due diligence reviews of vendors.  This includes initial and ongoing reviews of the financial information of any vendor.  These reviews are necessary to ensure that the vendor can fulfill the representations as outlined in the contract.  Requirements for the timing and quality of financial information should be set forth in the vendor’s contract.

16.1.1b Lock-In (Anti-Termination) Clauses.  Beware of contracts with a termination clause that prohibits or severely restricts the contracting institution’s ability to terminate once a Program is initiated.  In one such contract, only the vendor has control of termination, and the only termination consideration is if the 150% fee income profitability goal is not achieved.  Such a one-sided termination clause would be potentially detrimental for an institution from a reputation, financial, and strategic risk perspective.  Under such a contract, the institution would have no recourse if it became dissatisfied for a variety of reasons, such as customer satisfaction, institution reputation, and credit risk issues (e.g., 50% of the customers complain or 15% delinquency rate).


APPENDIX:  Definition of Overdraft Protection Programs

Typically, Overdraft Protection Programs generate fee income by covering overdrafts up to a specified predetermined limit.  These programs differ from traditional overdraft programs because they are automated and the customer does not obtain prior credit approval for the program; nor does the program utilize a credit card, line of credit, or savings account in order to cover the overdraft. 

Although there are many variations of Overdraft Protection Programs, most programs have the following standard features:

Financial institutions make the program available to customers whose account is in “good standing.”  Financial institutions define “good standing” differently.  For example, “good standing” may be defined as an account that has been open for 30 to 60 days with regular deposits made to the account, or it may be defined as an account where the customer makes regular deposits and the account has a positive balance at least once every 20 days.

  • Checks and other withdrawals at teller windows;
  • ATM cards or Debit cards (for example Visa, Check Card);
  • ACH withdrawal transactions;
  • Checks issued to a third party;
  • Online banking or a voice banking line;
  • Debit and point of sale transactions;
  • Any other debit transactions honored through a personal checking account.

Customers are charged an overdraft fee for each payment made by the financial institution up to the program limit.  In addition, some institutions may charge other fees including daily overdraft fees.

Customers are required to bring their account to a positive balance at least once in a stated time period (for example, once every 20 or 30 days).  There are varied consequences if an account is not brought to a positive balance.  For instance, some institutions close the account and revoke the privilege, while others revoke only the privilege.

DCU Bulletin

Division of Credit Unions
Washington State Department of Financial Institutions
Phone: (360) 902-8701 FAX: (360) 704-6901

March 15, 2004  
No. B-04-04

Servicemembers' Civil Relief Act

On December 19, 2003, the President signed into law H.R. 100, the Servicemembers’ Civil Relief Act.  50 USCS Appx 501 (2003), et.seq.  The law completely rewrites the Soldiers’ and Sailors’ Civil Relief Act of 1940, expanding many of the previous laws civil protections.  Since many state-chartered credit unions work with members of the military serving on active duty, we wanted to remind credit unions about the new provisions of the law. 

The new law has specific requirements that must be followed during foreclosure.  Under the Act, if a servicemember’s obligation is secured by a mortgage or trust deed and an action to enforce the obligation is filed during or within 90 days after the servicemember’s military service, the court is authorized to (1) stay the proceedings and (2) adjust the obligation as it sees fit.  In addition, a sale, seizure, or foreclosure is not valid if made during or within 90 days after the period of the servicemember’s military service except: (1) upon a court order granted before such sale, foreclosure, or seizure with a return made and approved by the court; or (2) if made pursuant to an agreement as provided in the Act.  See 50 USCS Appx 517 (2003). For your review we attach to this document the section of the new law that pertains to foreclosures. 50 USCS Appx 533 (2003).

If you have any questions or concerns about applying the new law to your members, please consult qualified legal counsel. 


50 USCS Appx 533 (2003)

533.  Mortgages and trust deeds

  1. Mortgage as security. This section applies only to an obligation on real or personal property owned by a servicemember that--
  1. originated before the period of the servicemember's military service and for which the servicemember is still obligated; and
  2. is secured by a mortgage, trust deed, or other security in the nature of a mortgage.
  1. Stay of proceedings and adjustment of obligation. In an action filed during, or within 90 days after, a servicemember's period of military service to enforce an obligation described in subsection (a), the court may after a hearing and on its own motion and shall upon application by a servicemember when the servicemember's ability to comply with the obligation is materially affected by military service--
  1. stay the proceedings for a period of time as justice and equity require, or
  2. adjust the obligation to preserve the interests of all parties.
  1. Sale or foreclosure. A sale, foreclosure, or seizure of property for a breach of an obligation described in subsection (a) shall not be valid if made during, or within 90 days after, the period of the servicemember's military service except--
  1. upon a court order granted before such sale, foreclosure, or seizure with a return made and approved by the court; or
  2. if made pursuant to an agreement as provided in section 107 [50 USCS Appx 517].
  1. Penalties.
  1. Misdemeanor. A person who knowingly makes or causes to be made a sale, foreclosure, or seizure of property that is prohibited by subsection (c), or who knowingly attempts to do so, shall be fined as provided in title 18, United States Code, or imprisoned for not more than one year, or both.
  2. Preservation of other remedies. The remedies and rights provided under this section are in addition to and do not preclude any remedy for wrongful conversion otherwise available under law to the person claiming relief under this section, including consequential and punitive damages.

DCU Bulletin

Division of Credit Unions
Washington State Department of Financial Institutions
Phone: (360) 902-8701 FAX: (360) 704-6901

May 17, 2004  
No. B-04-05

Board of Directors Examination Questionnaire

“Credit Union Board Effectiveness”, a video by the Filene Institute, recommends many successful strategies for board of directors, including strengthening board training.  We agree.  The Division of Credit Unions encourages directors to take training that will assist them on their oversight of the credit union.

To continue our emphasis on board training, we are using an examination questionnaire as the basis to explore the Board of Directors.  During each exam we will be inviting one or more members of the Board of Directors to meet with the examiner for an informal discussion (typically 30-60 minutes).  Management is also welcome to attend.  Our purpose is to provide an opportunity for board members and examiners to share common concerns about the credit union, examination, or competitive financial service environment.  We hope the discussion will help both the examiner and the board in understanding how the board is fulfilling their responsibilities.

To assist examiners on what is the board of director’s role, we developed a questionnaire for the following areas:

Board dutieses Supervisory committee role Succession planning
Fiduciary responsibility Oversight of management Compensation
Limiting personal liability Planning Examination red flags

Examiners typically answer many of these questions as they review board packets and other exam information.  While the questionnaire is somewhat lengthy, only some of the questions will be discussed during a particular exam.  We welcome feedback on the exam questionnaire and particularly what areas the board would like more training.

In addition to this bulletin, the questionnaire is available on our web site at www.dfi.wa.gov/cu/default.htm or from any of our examiners.  Please contact Jane Johnson at 360 902-0508 or Doug Lacy-Roberts at 360 902-0507 for additional information about the questionnaire.


Examination Questionnaire for Board of Directors

Duties of Board


1.  How does the board:


a.  Maintain independence from management


b.  Enforce regular board meeting attendance


c.  Avoid conflicts of interest and self-serving practices


d.  Ensure the credit union serves the credit and savings needs of its field of membership


2.  Does the demographics and diversity of the board reflect the diversity of the membership?


3.  How does the board recruit board members?


4.  When vacancies occur, does the board or nominating committee determine the skills needed on the board and recruit nominees for board membership who can fill these skills?




1.  How does the board provide training to new board members in the risks and responsibilities of fiduciary responsibilities?


2.  Who is responsible to make the final determination as to whether a fiduciary responsibility has been breached?


3.  Does the board allow attendance at board meetings via telephone conference call?


4.  Has any board member had a transaction with the credit union other than loans as typically granted to non-affiliated members or savings accounts on terms found with non-affiliated members?


a. Describe the transactions:


b. If it involved real property, was an independent appraisal obtained?


c. If not real property, did the board obtain sealed bids for the transaction?


d. Did the affiliated director recuse himself and leave the room while the transaction was discussed, deliberated, and voted upon?


e. Do the minutes reflect this recusal?


5.  Are all loan transactions, including new loans granted and refinances, at terms and conditions both available to the membership at large as well as used by the membership at large?


6.  How many board members met with the examiner in charge at the last exam to hear his / her concerns?


7.  Who represents the Supervisory Committee at each board meeting?


8.  Is the use of credit union property restricted to authorized activities?


9.  Have any credit union assets been sold to any board member?


Limiting Personal Liability


1.  Obtain copies of the written duties and responsibilities for board members.


2.  Obtain copies of the written performance standards and expectations for board members.


3.  Is each director, officer, committee member, and employee of a credit union adequately bonded?


4.  Does the board retain an attorney to opine on compliance when implementing new services or products?


5.  Does the board and management comply with laws and regulations that promote equal opportunity for all members regardless of race, color, religion, gender, national origin, age or handicap?


Supervisory Committee


1.  How does the supervisory committee stay fully informed as to the financial condition of the credit union and the decisions of the credit union's board?


2. Did the credit union use an independent auditor / firm for the last audit?  If yes, who / which?


If yes click here: 


a. Describe the bid and interview process used by the supervisory committee to hire the firm used.


b. Was the last audit report addressed to the Supervisory Committee?


c. How did the Supervisory Committee coordinate management's response to the audit report?


3.  How many members of the Supervisory Committee met with the last examination team to hear his / her concerns?


4.  What criteria has the Supervisory Committee determined will trigger their hiring an internal auditor?


5.  If the credit union currently has an internal auditor, who does that person report to?




1.  Describe the training each board member received in the past year to carry out his / her duties and responsibilities?


2.  Describe the board packet of information received prior to each Board meeting.


3.  Did the board design and designate what information will be included in the board packet? 


4.  What additional information would you like to see?


5.  Does each board member receive adequate information to carry out his / her duties and responsibilities?


6.  How much time does each board member have to read and digest the board packets prior to having to make decisions?


7.  How do you train new board members so they might understand the terminology, calculations, relevance, and materials used in the board packet to ensure that they can adequately analyze and participate in a discussion on matters before the board?


8.  How does each board member keep up with changes in the environment / regulations?  (How do board members hear about changes in regulations?)


Oversight of Management


1.  When did the board last review the written performance standards for the CEO to ensure they are relevant and address the current needs of the credit union?


2.  Does the board routinely discuss and either provide correction or approval of major management strategic decisions, degree of management's due diligence, and management's effectiveness in carrying out policies and procedures?


3.  Describe the internal systems used by the board to monitor operations and ensure that management takes appropriate actions that conform to board approved policies and directives.


4.  Describe the process used by the board to discuss and prepare a written performance evaluation on the CEO.


5.  Describe the process used by management to obtain board approval before implementing new policies, offering a new service, or engaging in new activities.


6.  Describe management's ability to effectively handle day-to-day management leaving the board free to focus on strategic and policy issues.




1.  Has the board established a strategic plan?


a. How many years does the strategic plan address?


b. Does the plan set broad goals?


c. Which areas of the credit union's operation does the plan encompass?


d. How did you assess the credit union's strengths and weaknesses?


e. Is the strategic plan referred to frequently throughout the year?


f. Does the plan assign responsibility to individuals to accomplish these tasks and milestones?


g. Can the strategic plan be quantified to measure success?


h. Does the board packet routinely contain ratios and other quantifiable data that the board can use to measure success to their strategic plan?


i. Does the budget match and support the strategic plan?


2.  Has the board established a business plan?


a. What time period does the business plan cover?


b. Does the business plan implement the strategic plan?


c. How did the board assess the business environment in which the credit union will operate?


d.  Does the business plan include a clear, written statement of key objectives which are:


(1)  Consistent with the strategic plan?


(2) How is this measured?


3.  When were the plans implemented?


4.  How is achieving the strategic and business plans included as an performance element for key management?


Succession Planning


1.  What is your plan for succession of key management in the disaster recovery plan?


2.  How many years do your key managers state that they plan to work before retirement?


If >5 years click here: 


a. Is the board familiar with the various methods of searching for new management?


b. How often does the board discuss succession planning?


If <5 years click here:


c. Describe the optimal knowledge, skills & abilities (KSA) the board has determined is needed by a CEO to promote his / her vision for the credit union.


d. Has the board reviewed the skill set of other employees to determine if any of them can be "groomed" for the promotion to CEO?


e. What method will the board use to find a new key managers?


f. How often does the board discuss succession planning?


If <2 years click here:


g. How has the board begun implementing their plan to replace key personnel?


h. Who is on the committee established to do the tasks necessary?


i. How often is succession planning discussed at board meetings?


j. Has the board decided if there will be an overlap between the 2 persons if there is a transition period between out-going CEO and in-coming CEO?


If yes click here: 


(1). Who will establish clear limits and authorities during this transition period?


k. Who is responsible for training the new key manager?


l. Describe the compensation package for the retiring key manager (Income continuation, lump sum, continue paying benefits, life insurance coverage, etc.) and what is the total cost.


m. Describe the board's method to screen and do background checks on CEO applicants.




1.  Where does your CEO's compensation rank among the salaries of CEO's of other similar sized and complexity financial institutions?


If low compensation compared to national CEO surveys of similar size financial institutions or don't know, click here:


a. How will the board attract a replacement CEO when the time comes?


b. How has the low CEO compensation impacted the compensation level of other employees?


2.  How does the board routinely compare the compensation package given to the CEO with those of other financial institutions?



NCUA's Red Flags[1]


1.  How does the board protect the credit union from:


a.  Overly dominant manager


b.  Manager or key employee involvement in gambling


c.  Manager or key employee not taking regular vacations or always working late


d.  Nepotism


e.  Insider abuse or preferential treatment


f.  Limited personnel not conducive to segregation of duties


g.  Lack of adequate segregation of duties when there is adequate staffing to achieve such


h.  Failure to provide, delays in providing, standard reports, records, and documents


i.  Records maintained at home and not in credit union's control


j.  Management or staff provide copies of documents rather than originals


k.  Inactive Supervisory Committee


l.  Lack of, unacceptable, or non-independent audit or verification


m.  Inadequate internal controls and information system (IS) controls


n.  No internal review of override of non-financial reports


o.  Bank account frequently overdrawn


p.  Large amount of cash in transit


q.  High volume of excessive transactions


r.  Use of borrowed funds in spite of large cash balances


s.  Lack of fraud policy


t.  Extravagant management or employee lifestyle relative to salary


u.  Low return on assets or on various asset categories


v.  Payment of above market dividends to attract deposits


[1] This is an excerpt from the NCUA Examiner Guide, Chapter 7 on Management.  The Board should know what safeguards are in place to identify “red flags”, such as timing/adequacy of standard reports to Board, internal auditor reports, supervisory committee reviews, whistleblowing protections for employees, and general Board awareness of the manager’s activities.

DCU Bulletin

Division of Credit Unions
Washington State Department of Financial Institutions
Phone: (360) 902-8701 FAX: (360) 704-6901

June 23, 2004  
No. B-04-06

Focus on Interest Rate Risk (IRR) Management


The Division of Credit Unions (Division) is enhancing its examination procedures on interest rate risk (IRR).  Although credit unions have successfully managed IRR during previous interest rate cycles, the current low rate environment is unprecedented.  With interest rates poised to rise, the Division is monitoring how effective credit unions with high IRR are at identifying, measuring, monitoring, and controlling the impact of changing interest rates to their balance sheet and earnings.  The Division may be contacting your credit union to inquire about balance sheet re-structuring plans if our analysis shows a high IRR rating.

To illustrate the risks that may be inherent in a credit union’s balance sheet, consider the following risk indicators, as published in NCUA’s Letter to Credit Unions #04-CU-02.  For 2003:


Board Responsibilities 

The Board has the fiduciary responsibility to ensure that the credit union operates in a safe and sound manner and remains financially healthy.  Given the current rate environment it is important that each Board devotes adequate time to consider the level of IRR in their credit union.  For all credit unions, the Division expects the Board of Directors to accomplish the following:

  1. ensure that policies for managing IRR are adequate for the size and complexity of the balance sheet;
  2. set risk exposure policy limits at prudent levels;
  3. receive timely reports sufficient to determine how well management identifies, measures, and controls IRR.

Because the ability to control IRR requires a clear understanding of the earnings and capital at risk, an effective policy should define the maximum reduction in earnings and net worth acceptable to the Board.

For credit unions with moderate to high IRR, our examiners will be interested in the Board’s understanding of the credit union’s IRR model results, assumptions used, and requirements for validation of model results.  (See discussion in Management section below on IRR models.)

Management Responsibilities

Management must have suitable controls in place to ensure the credit union does not become subject to IRR in excess of the Board’s approved policy limits.  Management is responsible for structuring the credit union’s balance sheet in a manner consistent with the Board’s IRR policy.  Management should accomplish this objective through an IRR strategy that is consistent with other strategic and business plan objectives.  There may be instances when steps taken to manage IRR conflict with or limit the credit union’s ability to attain other business goals.  For example, purchasing longer-term, higher yielding assets may enhance the net income in the short term, but may be detrimental to the long-term IRR profile and cause problems in the future.  Effective model results require the use of strategies that are consistent with strategic plans and the credit union’s will to implement them.  Otherwise, model results will not be useful.  These potential conflicts require management to have a full understanding of the reasons for adopting a given strategy, as well as the possible short and long-term impact to the financial health of the credit union.

Management is responsible for implementing systems that can identify IRR and measure it as accurately as possible.  An effective IRR identification process provides an early warning system to identify risk before options become too limited.  For credit unions with ALM models, this involves shocking the balance sheet to account for possible changes in interest rates.  The measurement of risk based on a 300 basis point change in rates, the default setting in many models, may be inadequate.  For example, in 2001, short-term interest rates changed 460 basis points.  Since 1971, short-term interest rates have been ranged between 4% and 9% eighty percent of the time.  For those credit unions with high levels of risk, worst-case scenarios and their results should be evaluated.  The potential for rapidly rising rates, above 300 basis points, should be considered. 

IRR models can provide a wide variety of measurement results based on assumptions and data placed into the model.  The IRR policy should require a certain amount of caution in setting the model assumptions.  Validating the assumptions and model results is essential.  This requires management to reconcile actual operating results and market values with those projected in the prior period IRR analysis.  Setting valid assumptions involves identifying realistic expected behaviors.  The following are important considerations:

Identifying the sources of variances will not only improve the credit union’s forecasting ability, but will add to the Board and management understanding of the major factors driving the credit union IRR exposure.

The Division encourages management to review additional reference material about IRR.  For example, NCUA has written Letters to Credit Unions regarding specific concerns about IRR. Copies are available on the NCUA website at http://www.ncua.gov/Resources/LettersCreditUnion2010.aspx


Regulatory Concerns and Updated Examination Procedures

Circumstances that will cause supervisory concerns for the Division include:

The Division is currently assessing which credit unions have a high IRR exposure.  We are also in the process of updating our supervision and examination procedures to more adequately evaluate current risks associated with the economy, balance sheet structure, and IRR management.  We will update procedures to account for differences in the complexity and IRR risk levels for state credit unions.  We expect to have these procedures in place by the end of August 2004.

The updated procedures will address both onsite exams and offsite monitoring.  For credit unions with high IRR and a complex balance sheet, the Division may schedule a limited scope onsite IRR exam.  If the credit union is already scheduled for a regular exam this summer or fall, the IRR exam will be part of the regular examination.  For all other high IRR credit unions, a limited scope exam on IRR may be scheduled.  An Asset Liability Management (ALM) Specialist will perform the IRR exam review.


To assist us with our initial determination of your credit union’s IRR profile, we ask that you complete the attached survey.  Please fax it to the Division at (360) 704-6901 no later than July 2, 2004. 


For additional information, please call Doug Lacy-Roberts at (360) 902-0507 or Jane Johnson at (360) 902-0508.

Off-site Examination Survey

(Use attachments as necessary)

Credit Union_____________________ 

Contact Person & Phone #_______________________

  1.  Measuring Interest Rate Risk (IRR)
  1. What methods or model does your credit union use to measure IRR?  Is it in-house or outsourced?  If outsourced please provide the name of your vendor.
  2. What IRR measurements does your credit union use? (i.e., NEV, NII, gap, etc.)
  3. What are your Board approved policy IRR limits?
  4. Who is the primary operator of your IRR system or model (name and title)?
  5. Describe the training the operators have been provided on your system or model?
  6. What were the results of your most recent model or IRR evaluation?
  7. Is your model used for testing various product (loans and shares) pricing options before implementing the option?  Please explain.
  1. Asset / Liability Committee (ALCO) Structure
  1. Does your credit union have a Board-appointed ALCO?
  2. By position, who sits on the committee and what background do they have in managing IRR? 
  3. How often does your ALCO meet and report its decisions and discussions to the Board?
  4. Please explain how the ALCO’s work is periodically audited or the IRR model output verified.

DCU Bulletin

Division of Credit Unions
Washington State Department of Financial Institutions
Phone: (360) 902-8701 FAX: (360) 704-6901

July 9, 2004  
No. B-04-07

Member Business Loans (MBL)

The Division of Credit Unions (Division) continues to closely monitor the member business loans (MBLs) in credit unions.  This bulletin is intended to provide an examiner’s perspective on MBL portfolios.

While discussions of MBLs have been in the press lately, only a few Washington state chartered credit unions have significant portfolios of MBLs.  Half of the Washington state chartered credit unions report no MBLs.

MBLs held by Washington state chartered credit unions as of December 31, 2003

Number of CUs



Have no MBLs


MBLs-to-total assets are greater than zero and less than 5%


MBLs-to-total assets are greater than 5% and less than 12.25% of total assets


MBLs-to-total assets are greater than 12.25% of total assets


Total Washington state charter CUs as of 12/31/2003


The Division expects credit unions to demonstrate all elements of prudent risk management over MBLs, in compliance with the limitations in Chapter 208-460 WAC and consistent with the commercial loan requirements for a bank of similar asset size.  The Division will continue to work with those credit unions that choose to expand their MBLs.  However, credit unions are reminded the higher return on MBLs is offset by the significant costs and risks associated with making the loans and managing the portfolio.


Examiners will review for prudent MBL management, including sound policies.  The MBL policy requirements are contained in WAC 208-460-050.  The lending policy should not be a static document but must be reviewed annually by the Board or more frequently in light of changing circumstances, such as new regulation, local economy, or member borrowing needs. Examiners will criticize a credit union that has very broad policy guidance on MBL lending without specific limits on the MBL portfolio.  Please refer to the list of topics in Appendix A for the MBL policy.

In addition, MBL procedures are required for loan monitoring, servicing and follow-up, and collection.  The policies and procedures must should be clearly defined and set forth in a manner to provide effective supervision by the directors and senior officers. 

Lending Experience Requirements

Examiners will review resumes and other evidence demonstrating that MBL personnel are qualified based on level of education, experience, and extent of formal training.  WAC 208-460-040 requires MBL personnel to have at least two years direct experience with the type of lending the credit union will be engaging in.  Credit unions may not make construction and development (C&D) loans unless it utilizes an individual with at least five years of direct experience in C&D loans. [see WAC 208-460-030 (4)]  This experience is critical.  As a credit union increases its percentage of MBLs- to-assets, examiners expect senior management, staff, selected directors, and internal auditors to demonstrate adequate previous experience to understand and manage the risks associated with business loans. 

Administering MBL Portfolios and Participations

A few credit unions have chosen to contract with third parties for underwriting, to meet the knowledge and experience requirements for MBLs.  Others have purchased participation interests in MBLs originated by another credit union or bank.  Whether using a third party or purchasing participations, a credit union must still demonstrate it has the experienced staff to handle the initial due diligence review, the ongoing credit analysis, and ongoing administration of the portfolio.  For example: certain types of commercial lending will require extensive ongoing credit analysis to help protect the credit union investment with timely actions.  Examiners will be looking for the appropriate expertise on staff to handle all aspects of the loan relationship.  Credit unions with limited expertise on staff may do well to develop the MBL portfolio gradually over several years to allow the opportunity for staff to learn what is necessary to manage the loan relationship. 

Examination Loan Review

Examiners will perform an extensive MBL loan review.  Examiners are paying particular attention to the credit union’s MBL cash flow analysis, expecting to see a thorough analysis of sources of repayment for a loan.  Generally a MBL’s primary source of repayment will be the cash flow of the borrower with collateral as a secondary source.  Examiners will select MBLs for review based on both the risk of the loan as well as a statistical sampling.  In most exams, a significant portion of the MBL portfolio will be reviewed, which may lengthen the exam beyond the time experienced before the credit union became involved in the MBLs.

Loan Review System, Credit Grading and Allowance for Loan & Lease Losses (ALLL)

The complexity of a credit union’s loan review system should vary based upon the credit union’s asset size, type of operations, and management practices.  Examiners expect an effective loan review system but not necessarily a separate loan review department.  Examiners will check the effectiveness of loan review process.  This will include assigning initial credit grades, ensuring credit grade changes are made when needed, and compiling information necessary to assess the adequacy of the ALLL.

Accurate and timely credit grading is an essential component of an effective loan review system. Credit grading involves an assessment of credit quality, the identification of problem loans, and the assignment of risk ratings.  An effective system provides information for use in establishing valuation allowances for specific credits and for the determination of an overall ALLL level.  WAC 208-460-110 and 120 provide guidance for establishing the proper level for the ALLL.

Loans to Insiders

Examiners will verify compliance to the prohibition of loans to certain individuals associated with the credit union as contained in WAC 208-460-020.

MBLs to directors may be made only after the board of directors has approved the loan and the director(s) who is a party involved in the transaction was recused from the decision making process.   The Division defines recused as follows:  the director must be excused and leave the room before the board discusses the loan (including whether to make and how to manage the loan) and votes, returning when the discussion and vote on the MBL is concluded.  The meeting minutes must clearly state the recusal and fully document the loan consideration discussion.  Given the potential for conflict of interest, the Division cautions credit unions against making a MBL to a director.  Examiners will be reviewing these loans carefully.

Investment Properties Are MBL

A non-owner occupied 1-4 family residential property (rental) is included in the definition of MBL (WAC 208-460-010).  Examiners will verify an adequate MBL policy for rentals, meeting requirements of WAC 208-460-050 and accurate reporting on the quarterly call report.

Borrower’s Equity in Construction and Development Lending

Construction and development (C&D) loans are high-risk loans requiring sophisticated underwriting and administration.  A significant exposure in any type of construction or development loan is that full value of the collateral does not exist at the time the loan is granted.  The credit union must guard against many risks, including contractor failure to produce the project as contracted, threat of liens filed on the property, unreliable market analysis due to unmarketable or difficult-to-market project, and inadequate funding to complete the project.    Examiners will check for compliance of prudent C&D policies and procedures, such as inspections and verification that loan funds are used properly to complete construction or development of the property serving as collateral.  Examiners will also verify compliance of equity requirements required to offset some of the project risk.  For this reason, WAC 208-460-030(2) outlines the requirements for the borrower’s equity interest in a project; a minimum of 25% equity for construction and 30% equity for development loans.  Examiners will be looking for documentation of a minimum of 10% cash equity invested in the project by the borrower. 

Unfunded Commitments

A number of credit unions have been unclear about the role of unfunded commitments in the definition of MBL.  WAC 208-460-010 (1) clearly includes any unfunded letters of credit, lines of credit or commitments in the MBL balance reported on the quarterly call reports.


If a credit union has questions about any of the MBL requirements, the Division has examiner specialists in commercial lending, and is able to consult with other Division of Banks experts on MBLs on specific issues.  The Division is committed to helping credit unions continue to make member business loans in a safe and sound manner.  Please do not hesitate to contact the Division regarding MBLs. 


DCU anticipates issuing another bulletin regarding application requirements for MBL limit waivers in early August.

Appendix A

The MBL policy should address the following elements:

  1. General types of business lending in which the credit union will engage;
  2. Lending authority of each loan officer, senior credit union official, and loan or executive committee;
  3. Responsibility of the board of directors in reviewing, ratifying, or approving loans;
  4. Guidelines under which unsecured loans will be granted;
  5. Guidelines for setting interest rates and the payment terms for secured and unsecured loans;
  6. Loan-to-value (collateral) limits and the required collateral value documentation required by the credit union for each type of secured loan;
  7. Guidelines for obtaining and reviewing real estate appraisals as well as for ordering reappraisals;
  8. Maintenance and review of complete and current credit files on each borrower including leases, floor plans, inventories, as appropriate;
  9. Appropriate and adequate collection procedures including actions to be taken when borrowers fail to make timely payments;
  10. Limitations on the maximum volume of business loans in relation to total assets;
  11. Description of the credit union's normal trade area and the circumstances under which the credit union may extend credit outside of such area;
  12. Guidelines, which address the goals for the portfolio mix, risk diversification and the loan-to-one-member concentrations.  These guidelines should cover the credit union's plans for monitoring and taking appropriate corrective action, if deemed necessary;
  13. Guidelines addressing the credit union's loan review and grading system ("Watch list"); 
  14. Guidelines addressing the credit union's Allowance for Loan Losses review; and
  15. Guidelines for adequate safeguards to minimize potential environmental liability.

DCU Bulletin

No. B-04-08

Debt Cancellation Contracts & Debt Suspension Agreements


DCU Bulletin

Division of Credit Unions
Washington State Department of Financial Institutions
Phone: (360) 902-8701 FAX: (360) 704-6901

July 29, 2004  
No. B-04-09

I S & T Exam Modifications

We would like to make you aware of several changes to our exam process. 

Exam Scope

When the Information Systems and Technology (IS & T) examinations were implemented just over three years ago, the Division of Credit Unions began the process with a primary focus on adequate policies.  We expanded the scope after the first round of exams and are now focusing attention on the security aspects of credit union IS & T infrastructure.  Beginning in September 2004, we anticipate further broadening the scope of our exams to look more closely at the business continuity plans in place for credit unions.  Other aspects of the credit union IS & T operations will continue to receive appropriate attention.  Adequate policies, security, and business continuity plans are key elements of a sound IS & T operation.

We have asked our IS & T vendor to be available to respond to your questions about the needs of your systems.  Please use the vendor as a resource to help you evaluate where your IS&T controls could be strengthened. 

Follow up Exams

Credit unions receiving an IS & T rating of “3” are considered to have higher risk in this aspect of their operations.  Given that higher level of risk, we will be scheduling those credit unions for a follow up IS & T contact within six months after they receive the original rating.  The contact will largely focus on any requirements or recommendations relating to the IS operation of the credit union from the full exam, but may also include any new risks identified during the follow up contact.

Risk Assessment Requirements

A number of credit unions have encountered vendors using the term “risk assessment” in a manner that falls short of the requirements of NCUA Rules and Regulations Part 748, Appendix A.   The work performed under any risk assessment may be useful, but a “limited scope” assessment may not meet the NCUA Rule requirement.  When hiring vendors to perform “risk assessments,” each credit union should ensure the scope is adequate.  It is also important to be clear that the proposed vendor has the necessary qualifications for the task at hand.     

Please contact Doug Lacy-Roberts at (360) 902-0507 with any additional questions about our IS & T examinations.


DCU Bulletin

Division of Credit Unions
Washington State Department of Financial Institutions
Phone: (360) 902-8701 FAX: (360) 704-6901

August 30, 2004 
No. B-04-10

ALM Exam Procedures and Seminar on Interest-Rate Risk

The Division of Credit Unions (Division) recently revised its examination procedures used to evaluate how effectively a credit union is managing its interest rate risk (IRR). This examination revision was in response to the increasing level of IRR exposure found in some state credit unions based on 5300 data and on projected rising rates in coming months. The Division’s enhanced procedures will recognize the differences in complexity of state credit unions as well as address a variety of areas for exam focus.

We Recognize Differences in Complexity

Our first concern in developing the new procedures was to customize the exam process in a manner appropriate to the complexity of the credit union operation and it’s IRR. Our exam process will now define the scope of the IRR exam review as falling into one of the following IRR categories: “simple” “moderate,” or “complex.” Credit unions with conservative, short-term loans, deposits, and investments will only need to demonstrate a basic understanding of IRR. By re-pricing their shares and loans, those credit unions generally hold lower IRR. Larger credit unions or those with more complicated balance sheets will be expected to demonstrate a more comprehensive IRR management process. For credit unions with moderate to high IRR, the time and depth in examining its ALM program will be dependent on a variety of factors including asset size, net long-term assets, real estate loans, 17-4 shocked net worth reduction, type and complexity of securities held in the investment portfolio, loan and share growth, and borrowed funds. With such a variety and possible combinations of factors it would be difficult to be more specific about the line between “moderate” and “complex” in this short document.

We Will Increase Our Focus in a Variety of Areas

In developing the updated exam procedures, the Division recognizes that focus on certain practices may be very effective in reducing and/or managing risk. Except for credit unions with “simple” IRR, our examiners will focus on the following areas of analysis:

Model Sophistication

Examiners have found some credit unions using simple (for example GAP) or no ALM models for their more complex balance sheets.  The result can be inadequate measurements of IRR.  A credit union with significant IRR must determine which particular ALM model to use in identifying, measuring, and monitoring interest-rate risk.  The model must be sophisticated enough to provide results that give management appropriate information to effectively manage its IRR.  The Division will focus attention on those credit unions with inadequate measurement systems that could lead to inappropriate decisions.

Importance of Assumptions and What-if Scenarios

Examiners are finding problems with assumptions and “what-if” scenarios.  One problem is with models using default assumptions instead of assumptions tailored to the credit union’s balance sheet.  The assumptions used in the model must represent realistically anticipated behaviors, particular practices, and pricing strategies for that credit union.  A good example would be to assume non-maturity shares (such as regular shares and drafts) are all core deposits and not rate sensitive, when in fact the credit union has been paying above market rates.  Faulty assumptions could unreasonably decrease the reported IRR and lead to poor decision-making.

Integration of ALM with Strategic Planning

We are finding some ALM programs are lacking integration with long-term strategic planning.  Many activities or products identified during strategic planning could have a direct impact on the structure of the balance sheet, and thus your IRR profile.  Effective model results require the use of assumptions that are consistent with strategic plans and the credit union’s commitment to implement them.  Without that “commitment,” model results will not be useful.  A good example is a strategic plan to sell fixed rate, long-term mortgage loans, which should help control IRR.  However, if management is only willing to sell loans when a profit can be realized, the impact of IRR may be significantly increased when management procrastinates selling loans at a loss during a rising rate environment.

Policy Limits and Adherence to Policy

Examiners have found a few instances where the credit union increased the risk limits rather than implementing sound IRR mitigation plans.  As part of the enhanced exam procedures, Division examiners will pay close attention to those risk limits (or parameters) set by the Board in policy.  Lack of limits or unrealistic limits will be criticized since it is the Board’s responsibility to define those limits in directing the credit union’s tolerance for risk.  We will also determine if management is adhering to those limits and what plan of action the Board has defined for those occasions when the limits are exceeded.

Measurement System Validation

Examiners have found some credit unions believe that the examination process is sufficient to validate the credit union’s model.  This is not true.  We emphasize that the Division does not validate your model through our examination.  It is very important for the credit union to have its model independently validated on a periodic basis.  This requires a reconciliation of actual operating results and market values with those projected in a prior period IRR analysis.  Flaws in processing, assumptions, or model results can be identified through this activity and can lead to more accurate risk estimates in the future.  The credit union is responsible for developing your own validation system.

ALCO Activities and Reporting

In some instances, examiners have found that the ALCO has not been performing all of the functions necessary or has not been reporting to the board of directors adequate information for the directors to fulfill their role.  Your Asset-liability Management Committee (ALCO) will be reviewed for effective contribution to the management of the process.  The ALCO’s reports to the Board should provide enough information for effective monitoring of credit union risks by the Board. Our analysis on the composition of your ALCO will flow from the previously addressed scoping of your credit union’s complexity.


Several factors are now combining to bring attention to the need for sound IRR management practices.  First, an increased number of credit unions now have significant levels of long term fixed rate assets.  Second, interest rates have begun to rise.  Third, our examiners have identified a number of ways the IRR management could be improved.  Credit union regulators across the country are expressing similar concerns.  The Division will be working in a variety of ways to share our understanding of sound interest rate risk management practices.

Seminar on Preparing for Rising Interest Rates

On September 30, 2004, the Division and the Washington Credit Union League will be hosting a free seminar on Preparing for Rising Interest Rates through Strategic Planning.  This seminar will consist of a one hour web-cast presented by The Paragon Consulting Group, followed by a one and a half hour facilitated discussion.  To facilitate the discussion, there will be a representative from the Division and a representative from a credit union with expertise in managing interest-rate risk.  The topics of discussion will include your questions and may also include:

We have chosen five locations throughout the state to make attendance as convenient as possible.  The locations include Everett, Federal Way, Spokane, Vancouver, and Yakima.  We encourage attendance from the Board and senior operating staff.

For more information on the seminar and for registration you may go to the WCUL website at www.waleague.org/edreg_risingrates.html.  We ask that registration be complete by September 3.  The Division believes the consultants from Paragon will provide valuable information for credit union directors and management but we do not endorse either the consultants or their IRR products.  For additional information, please call Doug Lacy-Roberts at (360) 902-0507 or Jane Johnson at (360) 902-0508.


DCU Bulletin

Division of Credit Unions
Washington State Department of Financial Institutions
Phone: (360) 902-8701 FAX: (360) 704-6901

November 3, 2004 
No. B-04-11

Loan Participations

This bulletin provides guidance to credit unions to help minimize the risks inherent in purchasing and selling loan interests.

Washington State chartered credit unions (WSCUs) are allowed to purchase and sell interests in participation loans. Loan participations as either a seller (lead lender) or buyer (participant) can facilitate diversification of loan portfolios and provide liquidity.

Loan participations may be contracted before origination between a lead lender and participants, or may be contracted after origination and funding by the lead lender.  All participations should be covered by a detailed participation agreement that satisfactorily addresses the interests of each participant and the lead lender.  Participants should have their legal counsel review the agreement to assure that their interests are adequately protected.  You may want to consult legal counsel regarding whether the participation loan has been sold with or without recourse.

Legal Considerations

RCW 31.12.426(2) allows a credit union to purchase loans that meet its current underwriting policies and which the credit union is empowered to grant.  Credit unions should not rely on the lead lender’s underwriting standards.

RCW 31.12.436(1) allows credit unions to buy loans from other credit unions and to buy loans made to members held by other lenders.  However, a credit union must obtain prior approval from the Director of Credit Unions to buy loans made to nonmembers held by other lenders.  A credit union should check with their legal counsel or the Director of Credit Unions if it has questions about the authority to purchase loans.

Additionally, all other applicable statutes and rules apply to loan purchases and sales.  For example, if the purchase was a member business loan (MBL), then the credit union needs to fully comply with Washington State’s rule on member business loans, Chapter 208-460 WAC.

Federal Parity

The federal parity provision in RCW 31.12.404 (1) allows WSCUs to exercise the same powers and authorities a federally chartered credit union (FCU) had as of July 22, 2001.  Under RCW 31.12.404 (2), the Director of the Division of Credit Unions may grant WSCUs the powers and authorities that FCUs have subsequent to July 22, 2001.  When exercising a FCU power, WSCUs must comply with all the restrictions and limitations on the specific exercise of the power under the National Credit Union Administration (NCUA) statutes and rules, see RCW 31.12.404 (3).  NCUA authorizes a FCU to enter into a loan participation in 12 C.F.R. 701.22.

Safety and Soundness Guidelines Before Purchasing a Loan Participation

We recommend that a credit union, interested in buying a loan participation interest, adopt policies and procedures that address the following:

  1. The board of directors should approve a loan participation policy which covers the following:
    • States participation loans will meet the purchasing credit union’s internal underwriting standards;
    • Denotes how variances from the underwriting requirements for purchased loans will be approved by credit union officials;
    • Describes what actions credit union officials will take to reject loans that do not meet its requirements;
    • Designates which committee or individual has the authority to approve the purchase of a loan or pool of loans;
    • Addresses the required qualifications, experience and financial condition of the originating and loan servicing institution (lead lender);
    • Requires that management analyze the credit, interest rate, liquidity, compliance, and any other applicable risk that each purchased loan will add to the credit union’s risk structure; and
    • States that the loan purchases will conform to all applicable laws and regulatory requirements.

  2. The credit union should enter into a loan participation agreement approved by the board of directors or a properly delegated committee. At a minimum, the participation agreement should provide the following:
    • Identify the minimum underwriting requirements and how the underwriting documentation will be submitted to the credit union;
    • Establish the protocol for distributing loan payment proceeds, and sharing expenses and losses;
    • State how conflicts and disagreements between the parties will be resolved;
    • Identify the types of loans to be purchased under the agreement and the loan parameters (minimum acceptable underwriting requirements);
    • Address the loan servicing responsibilities and rights;
    • Discuss the contractual obligations of each of the parties; and
    • State what actions will be taken if default occurs on the underlying loan(s).

  3. The credit union should have procedures for the following:
    • Analyze thoroughly the credit quality, the condition and value of the collateral security, the adequacy of the appraisal reports, and whether the participation loans comply with applicable laws and regulations;
    • Verify the accounting for loan participations meets generally accepted accounting principles;
    • Independently assess primary and secondary sources of repayment;
    • Independently assess the servicer’s financial strength, and
    • Stay apprised of conditions affecting the collectibility of the loan(s).

Loan participations need to be factored into the Allowance for Loan and Lease Loss (ALLL) funding calculation. Participated loans should not be treated differently than non-participated loans for ALLL funding purposes.  

The intent of these guidelines is to ensure that credit unions purchase participation interests that are written to their own loan underwriting requirements and that the risks inherent in the underlying purchases have been fully evaluated. Each participant should analyze the creditworthiness of the borrower.

Other Important Considerations When Buying Loan Interests

Selling Participation Interests in Loans Originated by the Credit Union

A credit union may sell, in whole or in part, its member loan obligations.  Typically, a credit union sale of a loan interest to a financial institution, such as a bank or credit union, will be considered a loan sale.  However, if a credit union loan is sold to a non-financial institution, the sale may be treated as a sale of an investment rather than a loan and compel compliance with specific securities registration requirements.  The lead lender should consult with both legal counsel and a certified public accountant regarding legal, compliance and accounting issues.  This should include being compliant with privacy regulation requirements to ensure your credit union is satisfactory protecting its member’s non-public information.

The selling of a participation loan interest also has safety and soundness concerns.  Your credit union should have proper policies and procedures in place to assure that it satisfactorily recognizes and monitors the risks associated with selling loans.  The risks inherent in selling a participation interest center mainly around the contractual and servicing obligations of the selling credit union, as well as any recourse the seller may have to the purchaser upon borrower default.  Finally, the lead lender has an obligation to:

Please contact Doug Lacy-Roberts at (360) 902-0507, if you have any questions about this Bulletin.