The National Credit Union Administration has published its supervisory priorities for 2026. The letter provides guidance to credit unions on the areas of operations that pose the “highest risk to credit union members, the credit union industry, and the National Credit Union Share Insurance Fund.”

In the letter from Chairman Kyle Hauptman, he stated that 2026 will be a continuation of its 2025 efforts to create “a more efficient and tailored examination program as well as continued implementation of Presidential executive orders and other laws, including the Guiding and Establishing National Innovation for U.S. Stablecoins (GENIUS) Act.”

NCUA split the priorities into three key areas: balance sheet management, operational risk management, and compliance risk management.

Balance sheet management

In the area of balance sheet management, NCUA highlighted a few areas of interest, including lending, sensitivity to market risk and liquidity, and earnings and capital adequacy.

With loan growth and performance struggling in recent years, while delinquency and loss rates growing, lending is an area of concern for the regulator, who says it will focus on lending and related risk-management practices. It will also be looking closely at how credit unions “identify, measure, monitor, and control interest rate and liquidity risks through sound modeling practices, reasonable assumptions, and appropriately tiered scenarios.”

Lastly, while NCUA recognizes that capital levels have generally stayed strong, the outlook on earnings is less rosy, and it will look at whether credit union earnings can support capital targets.

Operational risk management

From an operational standpoint, NCUA will be looking more closely at payments systems and fraud prevention/detection in 2026. As the payments environment grows increasingly complex, with a greater degree of system integration required, operation and security risks grow more complex with them. As such, Hauptman wrote that examiners will be looking closely at how credit unions conduct risk assessments, vendor management, and security systems to protect against fraud and cyber threats.

Speaking of fraud, this is an area that is fast-moving and quickly evolving. One area that NCUA identifies as an area perhaps more easily monitored is the adequacy of internal controls to prevent insider abuse. For fraud from outside sources, NCUA says it will be working with related communities to “enhance fraud prevention and detection awareness and capabilities where possible.”

Compliance risk management

And its final priority for 2026 is in the area of Bank Secrecy Act (BSA) compliance and Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) programs. Rather than identifying areas credit unions may be failing, the letter recognizes the burden of BSA compliance and its role in reducing those burdens while also maintaining effective programs. NCUA indicated that “significant developments and changes” are expected in 2026, and credit unions should stay up to date on BSA rules to remain in compliance. As far as examinations go, NCUA will be looking at credit union programs to ensure they are well-tailored to the institution.

For additional details and information, credit unions can read the full letter from the NCUA on their website.