- The CCO exam covers four distinct domains: Regulatory Basics, Deposit and Account Compliance, Lending Compliance, and BSA/AML and Operational Compliance.
- Lending Compliance and BSA/AML are the most regulation-dense domains and deserve the most dedicated study time.
- CCO candidates must understand credit-union-specific regulatory frameworks, not just generic banking compliance rules.
- Question stems on the CCO exam are scenario-based, testing applied judgment rather than pure memorization.
What Is the CCO Exam?
The Credit Union Compliance Officer (CCO) certification is a credential designed specifically for compliance professionals working inside the credit union industry. Unlike broader banking compliance certifications, the CCO is built around the regulatory environment that credit unions actually operate in - from the National Credit Union Administration (NCUA) oversight framework to the member-centric deposit and lending products that distinguish credit unions from commercial banks.
Earning the CCO credential signals to employers, regulators, and colleagues that you have mastered the compliance obligations unique to the credit union charter. It is not a generalist financial services certification. Every domain, every question, and every topic on the exam is anchored to credit union operations.
If you are preparing for this exam in 2026, understanding the structure before you open a single study resource is essential. The sections below break down exactly what the exam tests, how questions are written, and what a disciplined preparation plan looks like - all tied to the specific domains that appear on your test day.
The Four Exam Domains Explained
The CCO exam is organized into four domains. Each domain represents a distinct functional area of credit union compliance, and the exam tests knowledge across all four. There is no optional material - every domain appears on the exam, and gaps in any one area can cost you the credential.
Domain 1: Credit Union Regulatory Basics
This domain establishes the foundational regulatory framework governing credit unions. Candidates must understand how credit unions are chartered, examined, and supervised - and how that structure differs from commercial banking regulation.
- NCUA chartering and examination authority
- Federal vs. state-chartered credit union distinctions
- Field of membership requirements and limitations
- NCUA Rules and Regulations Part structure
- Role of the compliance officer within credit union governance
Domain 2: Deposit and Account Compliance
This domain focuses on the regulatory obligations that attach to member deposit accounts, from account opening through ongoing maintenance and closure.
- Truth in Savings Act (TISA) and Regulation DD disclosure requirements
- NCUA share insurance (not FDIC) coverage rules and member disclosures
- Regulation E and electronic fund transfer obligations
- Dormant account and escheatment compliance
- Minor and joint account regulatory requirements
Domain 3: Lending Compliance
Lending compliance is typically the largest and most regulation-dense domain on the CCO exam. Candidates must demonstrate command of both consumer and, where applicable, member business lending regulations.
- Truth in Lending Act (TILA) and Regulation Z disclosures and timing rules
- NCUA member business lending regulations and aggregate loan caps
- Fair lending: Equal Credit Opportunity Act (ECOA) and Fair Housing Act application
- HMDA reporting obligations for credit unions meeting coverage thresholds
- Real Estate Settlement Procedures Act (RESPA) and mortgage servicing rules
- CFPB supervisory authority over larger credit unions
Domain 4: BSA/AML and Operational Compliance
This domain covers the Bank Secrecy Act framework as applied to credit unions, along with the broader operational compliance obligations that run across all credit union functions.
- Currency Transaction Report (CTR) filing thresholds and procedures
- Suspicious Activity Report (SAR) requirements and confidentiality rules
- Customer Due Diligence (CDD) and Beneficial Ownership rules under FinCEN
- OFAC compliance and sanctions screening
- BSA Officer designation and board reporting requirements
- Vendor management and third-party oversight compliance obligations
Domain Deep Dives: What You Actually Need to Know
Regulatory Basics Is Not Just Background Reading
Many candidates treat Domain 1 as orientation material and underinvest in it. That is a mistake. The CCO exam uses regulatory basics questions to test whether you can apply the NCUA's supervisory framework to real compliance decisions. Expect questions that present a scenario - a credit union considering a new field of membership expansion or a proposed policy change - and ask you to identify the correct regulatory pathway or approval requirement.
You need to know the difference between a federally chartered credit union's obligations under NCUA and a state-chartered, federally insured credit union's dual regulatory relationship. That distinction shows up in exam scenarios about examination authority, insurance coverage disclosures, and which agency's rules govern specific products.
Deposit Compliance Requires Precision on Disclosure Timing
Domain 2 is heavily tested on timing. Regulation DD, for example, has specific rules about when account disclosures must be provided - at account opening, upon request, when terms change. The CCO exam will test those timing rules with scenario questions: "A member requests a new share certificate. When must the credit union provide the Regulation DD disclosure?" Knowing the general rule is not enough. You need to know the exact trigger and timing requirement.
NCUA share insurance is another area where credit-union-specific knowledge is critical. Because credit unions are insured by the NCUSIF (not the FDIC), the disclosure requirements, signage rules, and coverage explanation obligations differ. Candidates who have only studied FDIC insurance contexts will encounter specific gaps here.
Lending Compliance: The Regulation-Dense Core
Domain 3 demands the most preparation time for most candidates. The interplay between Regulation Z, ECOA, HMDA, RESPA, and NCUA member business lending rules creates a complex regulatory landscape. On top of that, credit unions must navigate CFPB supervisory authority - which applies to credit unions above a certain asset threshold - alongside NCUA examination requirements.
For the exam, pay particular attention to the NCUA's member business loan regulations, which impose aggregate lending caps and specific underwriting documentation requirements that do not apply to commercial banks. These are high-frequency CCO exam topics precisely because they are unique to the credit union charter.
Fair lending is tested in applied terms. You will not simply be asked to define disparate impact - you will be given a loan denial scenario and asked whether it raises a potential ECOA or Fair Housing Act issue, and what the compliance officer's appropriate next step is.
CCO Question Style and Format
The CCO exam uses scenario-based multiple-choice questions. This format is important to understand before you begin studying, because it changes how you prepare.
A scenario-based question presents a fact pattern - a compliance situation at a hypothetical credit union - and asks you to identify the correct regulatory requirement, the appropriate compliance officer action, or the specific disclosure obligation that applies. You are not being asked to recite a regulation. You are being asked to apply it.
| Question Type | What It Tests | How to Prepare |
|---|---|---|
| Regulatory identification | Which regulation governs a specific credit union activity | Map activities to regulations; use domain-by-domain review |
| Disclosure timing | When and how a specific disclosure must be delivered | Memorize timing triggers for Regulation DD, Z, E, and HMDA |
| Compliance officer judgment | What the CCO should do given a specific scenario | Practice with scenario-based questions; use the CCO practice test platform |
| Regulatory threshold | Whether a specific rule applies based on asset size, loan volume, or other threshold | Know HMDA, CFPB, and NCUA coverage thresholds specifically |
| BSA procedural compliance | SAR filing triggers, CTR exemptions, OFAC screening steps | Drill BSA/AML scenarios with applied question sets |
The key implication: passive reading of regulatory summaries is insufficient. You need active, applied practice - working through questions that mirror the format and complexity of the actual exam. The CCO practice test tool is structured specifically around these four domains and this question style.
Who Hires CCOs and Why This Certification Matters
Credit unions of all asset sizes hire for compliance officer roles, but the CCO credential carries particular weight in mid-size and larger credit unions that face heightened regulatory scrutiny. As credit unions grow past certain asset thresholds, CFPB supervisory authority activates, HMDA reporting obligations may apply, and the complexity of BSA/AML program requirements increases substantially.
Compliance departments at these institutions want credentialed professionals who have demonstrated mastery of the full regulatory landscape - not just one slice of it. The CCO certification is evidence of that breadth. It signals that you understand not just BSA or just lending, but the integrated compliance obligations that run across the entire credit union operation.
Credit union leagues, trade associations, and CUSO compliance service providers also value the CCO credential for staff who advise member credit unions on regulatory matters. If your work involves helping multiple credit unions navigate compliance, the CCO demonstrates that your advice is grounded in certified knowledge of the regulatory framework those institutions operate under.
Key Takeaway
The CCO is not just a hiring credential - it shapes how seriously regulators and examiners view your credit union's compliance program. A credentialed compliance officer signals to NCUA examiners that the institution has invested in professional compliance leadership, which matters during examinations and in the event of a compliance deficiency finding.
A Domain-First Study Schedule
Generic study advice - flashcards, weekly reading blocks, Pomodoro sessions - is only useful when anchored to the specific content you need to master. For the CCO exam, the sequencing of domain study matters because the domains build on each other. Domain 1 establishes the regulatory framework that makes Domains 2, 3, and 4 make sense.
Domain 1: Regulatory Foundations
- Study NCUA chartering authority, field of membership rules, and examination framework
- Map the difference between federal and state-chartered credit union oversight
- Use spaced repetition flashcards for key NCUA regulation part numbers
Domain 2: Deposit and Account Compliance
- Drill Regulation DD and Regulation E timing requirements
- Study NCUSIF insurance disclosure rules and compare to FDIC equivalents
- Work through 20+ scenario-based deposit compliance questions
Domain 3: Lending Compliance (Extended Focus)
- Spend two weeks here - this is the most content-dense domain
- Study Regulation Z, ECOA, HMDA, RESPA in sequence, then NCUA MBL rules
- Practice fair lending scenario questions daily using the CCO practice test platform
Domain 4: BSA/AML and Operational Compliance
- Focus on CTR and SAR procedural requirements, CDD/Beneficial Ownership rules
- Study OFAC screening obligations and BSA program components
- Review BSA Officer duties and board reporting requirements
Full-Length Practice and Weak Domain Remediation
- Take full-length timed practice exams across all four domains
- Identify weak areas by domain and complete targeted question sets
- Review the article How to Pass the CCO Exam in 2026 for last-mile preparation strategies
Registration and Exam Mechanics
The CCO certification exam is offered for credit union compliance professionals seeking to validate their expertise through a formal credentialing process. Before registering, confirm that you have reviewed the current candidate handbook for the most up-to-date eligibility requirements, examination windows, and fee structures, as these details can change between exam cycles.
When you register, understand that the exam is domain-balanced. You will be tested across all four domains - Regulatory Basics, Deposit and Account Compliance, Lending Compliance, and BSA/AML and Operational Compliance - in a single sitting. There is no option to test on individual domains separately, which is why comprehensive preparation across all four areas is non-negotiable.
For applied domain-by-domain practice that mirrors the actual exam format, the CCO Exam Prep practice test site provides question sets organized by domain, so you can identify where your knowledge gaps are before exam day rather than discovering them during the exam itself. Also explore the related resource on Credit Union BSA AML Compliance Officer Duties for a deeper treatment of the BSA/AML obligations tested in Domain 4.
Frequently Asked Questions
The CCO certification is built exclusively around credit union compliance - including NCUA regulatory authority, NCUSIF share insurance, field of membership rules, and member business lending caps. These topics are specific to the credit union charter and are not covered in depth by bank-focused compliance certifications.
Domain 3 (Lending Compliance) is consistently the most content-dense, covering Regulation Z, ECOA, HMDA, RESPA, fair lending, and NCUA member business lending rules. Domain 4 (BSA/AML) requires strong procedural knowledge of FinCEN requirements. Most candidates benefit from allocating extra study time to both of these domains.
The CCO exam uses scenario-based multiple-choice questions. Rather than asking you to recite a regulation, questions present a compliance situation and ask you to identify the correct regulatory requirement, appropriate compliance officer action, or applicable disclosure obligation. Applied practice with realistic exam questions is the most effective preparation approach.
Most candidates benefit from a minimum of five to six weeks of structured, domain-focused preparation - with additional time if their background is stronger in some domains than others. Lending compliance and BSA/AML typically require the most study time due to the volume and complexity of the regulations involved.
Yes. The CCO Exam Prep practice test platform provides scenario-based questions organized by each of the four exam domains, allowing you to assess your readiness by domain and focus your remediation before test day. Using domain-aligned practice questions is significantly more effective than general compliance reading alone.