Proposed NCUA Interest Rate Risk Policy and Program


The NCUA is proposing a new requirement that certain federally insured credit unions must have a written policy for interest rate risk management as part of their asset liability management responsibilities.  This rule will take effect on September 30, 2012.

What are the penalties for non-compliance?

The NCUA will use compliance with this rule as one of the factors in determining the insurability of a credit union.

Who must comply with the new rule?

Credit unions must comply with this rule if:

  • They are federally insured, and
  • Have more than $50 million in assets, or
  • Have between $10 and $50 million in assets and meet the Supervisory Interest Rate Risk Threshold Ratio (“SIRRT ratio”).

 Credit unions with assets under $10 million do not need to comply with this rule.

What is SIRRT?

The formula for SIRRT is calculated by adding total first mortgages held plus total investments with maturities greater than 5 years and divide the total by Total Net Worth.

(Total First Mortgages Held) + (Total Investments with maturities greater than 5 years)
Total Net Worth

 If the number from this formula is greater than 100%, and the credit union is federally insured with $10 to $50 million in assets, the credit union must comply with this rule.  Note that all federally insured credit unions over $50 million in assets must comply with this new rule, and no credit federally insured credit unions under $10 million in assets must comply.  For the purpose of compliance with this rule, SIRRT only applies to credit unions between $10 million and $50 million in assets.

Why is the NCUA concerned about SIRRT and interest rate risk?

According to the NCUA, residential first mortgages account for nearly a third of credit union assets, which is approximately double what the credit union industry held in 1996.  The NCUA views SIRRT as a reliable indicator of interest rate risk concentration in a particular credit union.  The NCUA is looking to ensure that all credit unions over $50 million in assets and those over $10 million that have large first mortgage concentrations are effectively managing interest rate risk. 

What does a credit union need to do in order to prove compliance?

The regulation appreciates that size and complexity of the credit union will influence the size and complexity of the credit union’s interest rate risk policy and program.  Some of the commonalties to every policy will include the following:

Policy must include:

  • Establishment of board of director oversight on interest rate risk.
  • Setting risk tolerances through the enforcement of reasonable interest rate risk limits.
  • Establishment of a committee or individual responsible for interest rate risk reporting, and minimum standards for reporting frequency.
  • Timely reporting to the board of directors of interest rate risk findings.
  •  Periodic review of policy effectiveness.


Program must include:

  • Evaluation of all interest rate risk exposures, including measurement and monitoring, as well as quantification of the findings.
  • System of internal controls designed to prevent excessive interest rate risk.
  • Evidence that management and the board of directors take interest rate risk into consideration for strategic planning and business initiatives.


The complexity of the reporting will vary with the complexity of the credit union.  Note that many credit unions may already be in compliance with this regulation through their current ALM program, and others may only need to make minor tweaks to their policy or program.

Where can I find some sample policies if I don’t have one?

PolicySwap is a growing library of policies and programs for credit unions to review and modify as their needs dictate. 

Additional Resources

Interest Rate Risk Policy and Program Federal Register, Volume 77, No. 22, Rules and Regulations (Thursday, February 2, 2012)

Leave a Reply

  • (will not be published)

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>