• Thu, July 31 2025
  • Contact Us
  • Advertise
Subscribe
CU Daily – theCUDaily.com logo

NCUA Missing 2 Critical Tools in Monitoring CU Use of AI, Says GAO Report

ALEXANDRIA, Va.–NCUA is missing two critical tools that are hurting its ability to monitor how credit unions are using artificial intelligence, according to a new study by the Government Accountability Office (GAO). 

GAO’s study found that the model risk management guidance NCUA uses is “limited in scope and detail.” The GAO report examines a number of financial regulators in addition to NCUA.

GAO noted its recommendations for NCUA are hardly new, pointing out that 10 years ago it also recommended Congress grant NCUA regulatory authorities to examine technology service providers. That third party oversight, which some NCUA board members have asked for over the years, has gone unheeded, has been opposed by the credit union trade groups. 

Lacking Oversight

In its new report, GAO said the agency lacks the oversight “despite credit unions’ increasing reliance on (third parties for) AI-driven services.”

As a result, GAO said, NCUA is unable to supervise credit unions in the same way other regulators, including the Federal Reserve, FDIC and  Office of the Comptroller of the Currency, are able to do.

The report details how the agencies, including NCUA, use AI as a tool in supervision. NCUA told GAO it is developing a process for offices to request the use of AI tools developed by third parties. 

The Recommendation

The report recommends the NCUA’s chairman, Kyle Hauptman, update the agency’s model risk management guidance to encompass a broader a variety of models used by credit unions and provide additional details on key aspects of effective model risk management. 

“NCUA generally agreed with our recommendation. In its written comments, NCUA noted it will review contemporary sound practices on model risk management, such as the banking regulators guidance, and provide information and clarity to examiners and credit unions,” GAO said. “NCUA’s plans to review current model risk management practices are consistent with the intent of our recommendation. However, we maintain that NCUA should update its guidance so that it contains more details on key aspects of model risk management and information on it additional types of models. 

‘Risks’ to Authority

“In addition, NCUA acknowledged our recommendation to Congress that it considered providing NCUA authority to examine technology service providers of credit unions,” GAO continued. “However, the chairman noted that there are risks to providing NCUA such authority, including a possible reduction in the quality and quantity of services provided to credit unions and financial and operational risks for credit unions. However, we maintain that examination authority over third party service providers would enhance NCUA’s ability to monitor and address third party risks and ensure the safety and soundness of credit unions.”

Facebook
Twitter
LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

CU Daily – theCUDaily.com logo

Never miss any important news. Subscribe to our newletter today!

Subscribe Now
Copyright 2025 The CUDaily. All Rights Reserved.