Stand-Alone Reviews

Stand-alone CUSO reviews are identified during the NCUA’s annual resource budgeting process or on a case-by-case basis when circumstances warrant reviews outside of the budgeting process, as outlined in the NSPM. During a CUSO review, examiners determine the degree of risk a CUSO poses to affiliated credit unions

Field staff should refer to the NSPM for procedures and requirements for conducting a stand-alone CUSO review.

Credit unions that receive services from, invest in, or loan money to a CUSO are referred to as “affiliated credit unions,” and can be placed at risk if a CUSO’s operations pose safety and soundness concerns.

Review Objectives

The objective of a stand-alone CUSO review is to effectively determine the extent of risk a CUSO poses to affiliated credit unions. To achieve this objective, the EIC will coordinate as necessary to:

Roles and Responsibilities

Participant Role Responsibilities
  • Schedules, conducts, and coordinates the stand-alone CUSO review
  • Writes the CUSO review report
  • Conducts meetings with CUSO management
NCUA or SSA Supervisory Examiner Supervisor
  • Oversees the stand-alone review process and evaluates the quality of completed CUSO review reports
NCUA or SSA Examiner (team participant) Reviewer
  • Collects information and makes recommendations to the EIC for concerns identified during the stand-alone CUSO review
NCUA Specialist (team participant) Specialist
  • Serves as a team member and provides subject matter expertise as needed during a stand-alone CUSO review

Before Conducting a Stand-Alone CUSO Review

Many steps should be taken before conducting a stand-alone CUSO review. The EIC, or other designated person, is responsible for completing the following activities:

Activity Description
Identify review team members Because many CUSO services are highly specialized, team members should be carefully chosen. CUSO teams may benefit from examiners who have expertise in accounting, finance, information security and technology, lending, outside audits, consumer compliance, or other areas of the CUSO’s operation. These resources can be obtained within the NCUA region or Central Office as part of a CUSO stand-alone review.
Initiate contact with appropriate SSA

To avoid duplication of effort and unnecessary regulatory burden, the NCUA should use information provided by SSAs whenever possible. When applicable, the NCUA will contact the SSA to convey the agency’s concerns about the risk a CUSO poses to affiliated credit unions, and to invite the SSA’s participation on the stand-alone CUSO review. If a significant number of credit union affiliates are FISCUs, the SSA should be given the option to lead the review.

SSAs often have special CUSO review processes, which the team should consult before proceeding with a CUSO review. Some SSAs have vendor authority over the CUSOs in their state, meaning that the state regulator has legal authority to examine CUSOs and, in some cases, to require corrective action.

When initiating contact, the NCUA should request information the SSA may have regarding the CUSO’s operations.

Familiarize self and team with CUSO operation

The following activities may help examiners become familiar with a CUSO’s operation:

  • Learn about the industry in which the CUSO operates, including identifying any other state or federal regulators
  • Review prior CUSO reviews and audit results in applicable credit union exam reports
  • Review CUSO Registry information
Initiate contact with CUSO

The EIC contacts the CUSO’s CEO, president, or chairman to discuss the purpose of the upcoming review, schedule a mutually agreeable review date, and discuss the anticipated timeline.

The NCUA should provide the CUSO a pre-review letter, as well as a list of items requested for the review 30 days prior to the start of the review per the NSPM. A list of items commonly requested for a stand-alone CUSO review is available in the CUSO Controls (IC – CUSO).

Scoping a Stand-Alone CUSO Review

The next step in a stand-alone CUSO review is to scope the review. To effectively do so, CUSO examiners should understand the services offered by the CUSO as well as general market trends and conditions.

The NSPM requires examiners to complete the CUSO Review Scope Workbook for all stand-alone CUSO reviews. The CUSO Review Scope Workbook provides a framework of topics examiners should consider when completing the scoping process.

The CUSO Scoping Workbook contains a Core tab that includes review steps common to all CUSOs regardless of service type. These review steps are, in large part, based on requirements outlined in NCUA regulation part 712, Credit Union Service Organizations (CUSOs). Other tabs, as detailed in the table below, should be completed depending on the products or services offered by the CUSO. The IS&T worksheet, which addresses information security and technology, will also apply to most CUSOs and may be applicable for most reviews.

Tabs for CUSOs that Offer Specific Product or Service
  • Consumer loans
  • Mortgages
  • Member business loans
  • Indirect loans
  • Private student loans
  • Payday loans
  • Trusts
  • Payment systems
  • Information systems & technology

It is important to note that not every service or product offered by a CUSO is included in the workbook. Further, not every step outlined in the workbook is required for every CUSO. The EIC should develop a scope specific to the CUSO using the format provided in the workbook based on examiner judgment. The scope should reflect the types of services and potential risks that are evident in the CUSO. As examiners become familiar with a CUSO’s operations, they may need to update or modify the scope to achieve a more effective review.

Conducting a Stand-Alone CUSO Review

A stand-alone CUSO review should emphasize any areas of immediate concern identified during the scoping process. The information obtained during the scope development, in addition to the nature of services offered by the CUSO, will determine the extent of procedures necessary to complete a CUSO review.

Given the limited authority the NCUA has over CUSOs, examiners should consult with their supervisor if they encounter circumstances that cannot be resolved during the contact. If a dispute arises between an examiner and CUSO management regarding access to books and records, the examiner should confer with their supervisor to resolve the issue.

Discuss Review Findings with CUSO Management

During the stand-alone CUSO review, staff should discuss their findings and recommended corrective action with CUSO management. The discussion should address the nature and extent of managerial planning, the overall reasonableness of the CUSO’s business plan (including budgetary projections), and any concerns noted during the review.

As during credit union examinations, examiners should remain professional in their dealings with CUSO management and cooperate to achieve common goals. While the NCUA does not have regulatory authority over CUSOs, the agency is responsible for ensuring the safety and soundness of credit unions’ dealings with CUSOs.

Prepare CUSO Review Report

CUSO review reports should be prepared in accordance with the NSPM.

Examiners do not need to upload an AIRES file for a stand-alone CUSO review.

The NSPM provides specific procedures to process and distribute a CUSO review report. Examiners must use approved templates provided in the NSPM to ensure consistency.

The procedures outlined in the NSPM allow CUSO management to respond to a draft CUSO review report. The EIC will use the Draft Report Cover Letter to CUSO template to create a transmittal letter for the draft report.

It is important that the EIC evaluate the adequacy of management’s response and ensure applicable concerns are addressed in the final review report prior to distribution.

Finalized CUSO review reports are distributed to CUSO officials, officials of each federally insured credit union that invests in or loans to the CUSO, and any applicable SSA(s).

CUSO Review Report Maintenance

All CUSO review reports are maintained on the CUSO SharePoint site maintained by NCUA's Office of Examination and Insurance. Review reports are organized by EIN and CUSO name. For more information about how to add a review report to the CUSO SharePoint site, see the NSPM.

It is critical that EINs are accurate, since the EIN is the primary identifier for the CUSO on the SharePoint site.

Meet with Management (optional)

Once a final review report has been distributed as outlined in the NSPM, the EIC may schedule a management conference with CUSO officials. This conference is not mandatory; the decision to hold such a meeting should be based on the level of concern identified during the review.

The NSPM provides additional detail on the management conference and distribution of final review report, including related timeframes and SSA involvement.

Last updated August 9, 2018