Effective Date: June 30, 2014
The NCUA has amended—or rather, significantly expanded—the scope of the existing CUSO (Credit Union Service Organization) rule. Although NCUA does not have direct statutory authority to regulate CUSOs, it does have the authority to regulate the investments and loans a credit union makes to a CUSO. NCUA believes the changes made to the CUSO rule are necessary in order to safeguard the NCUSIF, which has experienced some losses as a result of CUSO failures. Their objectives for the new rule are to broaden the scope of the coverage in order to better understand CUSO activities and to have greater ability to evaluate their financial strength.
So what does this rule actually do? Specifically, the final rule expands the coverage of the provisions that pertain to financial statements, accounting requirements, and audits to federally insured, state-chartered credit unions (FISCUs). The final rule also limits the ability of “less than adequately capitalized” FISCUs to recapitalize CUSOs in which they are owners. Lastly, there are new reporting requirements for CUSOs, as well as new requirements for subsidiaries of CUSOs.
Operational Requirements
Expanded Requirements for FISCUs
Currently, only two provisions of Part 712 apply to FISCUs: the need for corporate separateness and the requirement to provide NCUA and state regulators with access to the CUSO’s books and records. The new rule adds several other provisions to those that apply to FISCUs.
The first change affects situations in which a FISCU wants to recapitalize an insolvent CUSO. Effective June 30, 2014, FISCUs that are less than adequately capitalized or a FISCU that would become less than adequately capitalized by the recapitalization of a CUSO must obtain prior written approval from the appropriate state agency before making an investment that results in a cash outlay—measured on a cumulative basis over seven years—in a CUSO in an amount that exceeds their state investment limit. If their state does not set an investment limit for investments in CUSOs, the FISCU must obtain approval from the appropriate state agency before making an investment in a CUSO that will result in an aggregate cash outlay, measured on a cumulative basis over a 7-year period, which would exceed 1% of the FISCU’s paid-in and unimpaired capital and surplus. FISCUs must also submit a copy of their requests to NCUA in order to apprise them of the activity. The important take away here is that this rule change does not require that a less than adequately capitalized FISCU divest itself of its investment in the CUSO. It is just not able to make additional investments without prior written consent from the state regulator.
Beginning on June 30, 2014, a FISCU’s agreement with a CUSO must require that the CUSO use GAAP accounting methodology, provide financial statements on a quarterly basis, and obtain an annual financial statement audit by a licensed certified public accountant. On the other hand, a CUSO that is wholly owned by one FISCU is not required to obtain a separate annual financial statement audit if the CUSO is included in a consolidated financial statement audit of its credit union owner.
New Reporting Requirements
CUSOs will be required to report information directly to NCUA and the appropriate state regulatory agency, if applicable. The good news is that NCUA is not going to begin requiring the annual reports until December, 2015. A draft of the reporting form is attached to the final rule.
The nature of the information a CUSO will report depends on whether the CUSO is engaged in complex or high-risk activities. Complex or high-risk activities are defined as:

  • Credit and lending, which includes business loan originations, consumer mortgage loan originations, loan support services (including servicing), student loan origination, and credit card loan origination;
  • Information technology, including electronic transaction services, record retention, security and disaster recovery services, and payroll processing services; and
  • Custody, safekeeping, and investment management services for credit unions

CUSOs not engaged in complex or high-risk activities, as noted above, will only need to report the following general information, including:

  • The CUSO’s legal name;
  • Tax ID number;
  • Address;
  • Telephone number;
  • Website address;
  • Primary point of contact;
  • Services offered;
  • Name and charter number(s) of the credit unions that have invested in, lent money to, or that just contract for services from the CUSO, as well as
  • Investor(s) and/or subsidiary CUSOs.

CUSOs that are engaged in one or more complex or high-risk activities will be required to report the following additional information:

  • The services provided to each credit union that has invested in, lent money to, or is receiving services from the CUSO, as well as the amount of their investment, loan or level of activity;
  • The CUSO’s most recent year-end audited financial statements; and
  • For CUSOs involved in credit and lending services, the following activity by loan type: total dollar amount and number of loans outstanding and the total dollar amount and number of loans granted year-to-date.

Credit unions that participate in CUSOs that engage in complex or high-risk activities will need to obtain a written agreement from the CUSO before investing in or lending to the CUSO that states that the CUSO will submit the required information to NCUA and the appropriate state regulator, if applicable. This agreement or amendment to an existing agreement needs to be obtained by June 30, 2014.
Newly formed CUSOs must file an initial information report within 60 days of formation. CUSOs that were not previously involved in complex or high-risk activities may later become involved in complex or high-risk activities as a result of a merger or through an expansion of products and services and, if this occurs, must begin complying with the increased reporting requirements within 60 days.
Subsidiary CUSOs
Historically, CUSOs have sometimes been structured in a tiered format with a holding company or a parent company under which there are a series of subsidiary companies that provide an array of services. NCUA wants to ensure that it has the ability to obtain information and access to the parent or holding company CUSO, as well as the subsidiary CUSOs that are providing the products and services. As a result, a new section has been added to the CUSO rule (section 712.11) that is applicable to both federal credit unions and FISCUs that prohibits investments in a CUSO unless all subsidiary CUSOs are in compliance with the CUSO rule. In other words, any CUSO in which a CUSO invests, including any entities that have the appearance of being formed with the intent and purpose of evading the CUSO rule, is subject to the CUSO rule. It should be noted, however, that this provision does not apply to third parties with whom the CUSO contracts for business or for subsidiary companies that do not meet the definition of a CUSO.
State Exemptions
Currently, the CUSO rule allows state supervisory authorities to apply for exemptions on behalf of FISCUs from the provisions regarding access to books and records in situations where the state already has equivalent or more stringent rules. This exemption process has been expanded to include exemptions from the new requirements for FISCUs regarding financial reporting, audits, and accounting practices.
If these new NCUA processes are successful, compliance with the rule amendment will help to protect FISCUs from CUSO failures.