The National Credit Union Administration (NCUA) recently announced a notable shift in its supervisory approach: the discontinuation of individual risk ratings for the seven traditional risk categories – Compliance, Credit, Interest Rate, Liquidity, Reputation, Strategic, and Transaction. While this change aims to streamline examination reports and reduce redundancy with CAMELS ratings, it also presents a pivotal moment for credit unions to reassess their internal risk management frameworks.
As a strategy and risk management consulting firm, we view this development not as a reduction in regulatory scrutiny, but as a call to action for credit unions to take greater ownership of their risk posture through a robust Enterprise Risk Management (ERM) program.
The Implications of NCUA’s Shift
Historically, NCUA examiners assigned qualitative ratings (High, Moderate, Low) to each risk category, providing credit unions with a granular view of their risk exposure. With the September 2025 update to the MERIT system, these ratings will no longer be disclosed or assigned. Instead, risk will be assessed more holistically and used to support CAMELS ratings and corrective actions. Examiners will continue using risk categories to categorize review areas.
While this may simplify the examination process, it also removes a layer of transparency that many credit unions relied upon to benchmark and prioritize risk mitigation efforts. Without explicit ratings, the burden of identifying, quantifying, and managing risk shifts more squarely onto the shoulders of credit union leadership. It’s imperative credit unions maintain internal processes to ensure they are being proactive in identifying and understanding their risk profile and addressing any material risks and concerns.
Why ERM Is Now Essential
In this new environment, a meaningful ERM program is not just a best practice; it’s a strategic imperative. Here’s why:
- Proactive Risk Identification: Without external ratings, credit unions must develop/maintain internal capabilities to identify emerging risks across all risk categories. ERM frameworks provide the structure to do this systematically.
- Strategic Alignment: ERM integrates risk management with strategic planning, ensuring that growth initiatives are pursued with a clear understanding of associated risks.
- Board and Executive Oversight: A mature ERM program enhances governance by equipping boards and executives with actionable insights into the institution’s risk profile. This becomes even more critical in the absence of detailed examiner ratings.
- Regulatory Confidence: While NCUA will continue to assess risk, credit unions with strong ERM programs will be better positioned to demonstrate control effectiveness and resilience, potentially influencing CAMELS ratings favorably.
- Operational Resilience: ERM helps institutions prepare for and respond to disruptions, whether financial, technological, or reputational, by embedding risk awareness into daily operations and into the culture of the organization.
Building a Meaningful ERM Program
As we’ve always said, a meaningful ERM program goes well beyond compliance. It should be:
- Integrated: Risk management must be embedded across departments, not siloed in compliance or audit functions.
- Dynamic: Risks evolve, so should your ERM program. Regular updates, scenario planning, and stress testing are key.
- Data-Driven: Use metrics and dashboards to monitor risk indicators and inform decision-making.
- Culturally Embedded: Risk awareness should be part of the organizational DNA, from frontline staff to the boardroom.
Final Thoughts
The NCUA’s decision to discontinue risk ratings is a reminder that regulatory frameworks evolve, but risk itself does not disappear. Credit unions must rise to the occasion by investing in enterprise-wide risk management capabilities that are proactive, strategic, and resilient.
At Rochdale, we help credit unions design and implement ERM programs tailored to their size, complexity, and strategic goals. Along with our industry-leading apogee iQ software, credit unions have access to a partner ensuring an effective and meaningful ERM program.
We’d welcome the opportunity to partner to turn this regulatory shift into an opportunity to strengthen the future of your credit union. Reach out at [email protected] to learn more.