NCUA’s Inspector General sends a semi-annual report to Congress, and that report is one of the most underused windows we have into how credit unions actually fail. The most recent report, covering April through September 2025, lists seven credit union failures and the root causes behind each one. The data tells a story that every CEO and board member should sit with for a few minutes.

The Failures

Seven credit unions failed during the reporting cycle. The two largest losses — the cases involving Unilever Federal Credit Union ($8.44 million) and Aldersgate Federal Credit Union ($7.98 million) — were both driven by internal fraud. Combined, those two cases account for more than $16 million of the damage to the share insurance fund. The remaining five failures were smaller in dollar terms but carried their own lessons: weak leadership and inaccurate books at Total Community Action Federal Credit Union, loan portfolio visibility failures at Eastern Kentucky Federal Credit Union, insolvency and Federal Credit Union Act violations at Seoul Community Federal Credit Union, record keeping and Bank Secrecy Act and information technology compliance failures at Butler Heritage Federal Credit Union, and pervasive record keeping problems at Members 1st of Maryland Federal Credit Union.

Four of the seven failures involved significant record keeping problems. That is not a coincidence. Bad books are a force-multiplier for every other control breakdown. When the numbers in front of the board are wrong, every downstream judgment — by the supervisory committee, by the auditor, by the examiner — is being made on corrupted information.

The Fraud Triangle

Certified fraud examiners describe three elements that enable every fraud: pressure, opportunity, and rationalization. Pressure is the ignition — personal financial stress, lifestyle creep, performance demands. Pressure alone does not cause fraud, but it is what lights the match. Rationalization is the story the perpetrator tells themselves: I’ll pay it back, they owe me. The longer someone has been trusted, the larger the eventual loss tends to be, because trust and access compound over time.

Opportunity is the corner you can actually engineer. The Association of Certified Fraud Examiners has consistently found that internal control weaknesses — not phishing attacks, not external attackers — drive nearly half of all occupational fraud. That is the lever credit unions have control over.

What Examiners Pattern-Match

NCUA examiners are pattern-matching against the failures they have seen before. When they ask hard questions about loan stratification, concentration reports, delinquency trend analysis by product and vintage, liquidity reporting verification, supervisory committee activity, Bank Secrecy Act compliance, and information technology controls, they are not being adversarial. They are carrying institutional memory about how credit unions actually fail. Treating those questions as friction misses the point.

The Supervisory Committee Question

In all seven failures, the supervisory committee was nominally the first line of defense. In all seven, that line bent or broke. The supervisory committee in a small credit union is typically volunteer-staffed and lightly trained. That is not an excuse — it is a design constraint that has to be acknowledged and compensated for. Direct access to the auditor, written annual fraud inquiries, sampling of member statements, and review of account maintenance reports are inexpensive controls. Skipping them leaves the credit union exposed.

A Practical Prevention Playbook

For credit unions under $50 million in assets, the structural reality is that you cannot fully segregate duties with the staff you have. The compensating controls are well-established: surprise cash counts, mandatory consecutive vacation policies (most internal fraud surfaces when the perpetrator is forced away from the books), an anonymous reporting hotline, an annual written fraud inquiry to the auditor, and bond coverage that has been reviewed against current risk — because losses can sometimes be recovered. For mid-size and larger credit unions, the additional tools include behavioral analytics and AI-driven outlier monitoring, role-based access controls, an internal audit function with fraud-specific reviews, and more granular loan portfolio visibility.

In every case, the fraud risk assessment should be a living document covering member risk, product risk, and enterprise risk — not an annual checkbox.

The Bottom Line

NCUA is operating with roughly 27% less staff after the buyout. Fewer examiners on the road means fewer drive-bys and tighter exam scope. The fraud-detection infrastructure that the previous Inspector General built inside the agency — examiner fraud checklists, scope steps, job aids — may be applied less consistently going forward. That is not a forecast. It is a probability statement. Credit unions that close the gap themselves — by tightening controls, training their supervisory committees, and treating their fraud risk assessment as a living document — will be the ones that show up in the next IG report only as quiet, well-run institutions, not as case studies.