WASHINGTON–While the credit union trade associations have hailed House passage of the National Defense Authorization Act because it includes amendments backed by CUs, getting less attention with last week’s passage is the fact the bill would also give NCUA oversight of third-party vendors.
And that’s something CUNA, NAFCU, the National Association of CUSOs and others within credit unions have strongly opposed, even as the agency has sought the authority for years.
As CUToday.info was first to report in May, a discussion draft of legislation that would provide NCUA with third-party oversight authority was circulated in the House of Representatives.
The bill providing NCUA oversight authority was originally HR 7022, introduced by Rep. Bill Foster (D-IL).
Such oversight has been a long-time priority of numerous members of the NCUA board, including its current three members. The agency argues other regulators have the authority and that the inability to oversee the many vendors, including CUSOs, to credit unions creates numerous vulnerabilities, most especially in data security.
The CU trade groups have argued NCUA already has all the oversight authority it needs, including over vendors.
Muted Opposition
However, one source told CUToday.info that the trade group opposition may have muted somewhat on the issue as the result of growing risks around cyber-breaches.
The discussion draft previously circulated under the title “The NCUA Oversight of Third Party Vendors Act,” and would authorize section 206A of the Federal Credit Union Act to provide the oversight authority it is seeking.
As a number of credit union advocates on Capitol Hill have been saying, including at the time the discussion draft was circulated, such standalone bills to pass would need to be attached to larger pieces of must-pass legislation or spending bills, such as the NDAA.
That is also the case for the several pieces of legislation that were attached as amendments and which have strong credit union support: the Secure and Fair Enforcement (SAFE) Banking Act, which would remove federal prohibitions on serving cannabis businesses; an extension of CARES Act Central Liquidity Facility (CLF) flexibility, and provisions to support fair hiring in financial services.
‘Regulatory Blind Spot’
As CUToday.info reported here in early May, in response to questions from Sen. Pat Toomey (R-PA), NCUA Chairman Todd Harper wrote, “Most credit unions rely on vendors to conduct important parts of their operations. Yet, as credit unions respond to COVID-19 issues, they have little time to address problems that may arise with those vendors. Many also lack the resources required to fully conduct due diligence when adding new vendors to address COVID-19 needs.
“At present, the NCUA lacks the authority to supervise or oversee credit union third-party vendors, even though the Government Accountability Office and Financial Stability Oversight Council have long urged Congress to close this regulatory blind spot,” Harper continued. “I respectfully request that you provide the NCUA with this oversight authority now. In making this change, the NCUA would achieve parity with the federal banking agencies, which already have vendor oversight authority.”