NEWPORT BEACH, Calif.–The National Association of State Credit Union Supervisors (NACUSO) is objecting to a call by NCUA’s chairman to give the agency expanded oversight authority over third-party providers, saying the agency is motivated in part by “regulator envy.”
NACUSO has expressed its position in a letter to the Senate Committee on Banking, Housing and Urban Affairs, following congressional testimony by NCUA Chairman J. Mark McWatters in which he asked for the committee’s consideration of legislation to expand NCUA’s direct regulatory and supervisory authority beyond that of regulating and supervising credit unions.
In the letter, NACUSO President Jack Antonini said NCUA is looking to expand into the “unlimited and virtually unrestricted arena of regulating and examining any business that does business with a credit union.”
‘Expertise is Lacking’
“Labeled ‘vendor authority’ by NCUA, this unprecedented expansion of the agency’s authority is of concern to CUSOs, because of the potential impact upon the collaborative model we represent among credit unions that have chosen the CUSO structure to share the risk associated with costly innovation and to enhance the delivery of credit union services to more members from all walks of life,” Antonini stated. “In our view, NCUA lacks the expertise to regulate and examine any and all businesses that interact with credit unions. The necessary investment of agency resources to hire or contract with the broad level of expertise required to examine every technology service, communications contractor, statement processor, ATM servicer, check provider, building construction company, accounting firm, advertising agency, insurance agency, broker/dealer, lawn care company, etc. that enters into a contract with a credit union…”
Such a change, the NACUSO letter states, “will bring about a dramatic and unnecessary increase in the size, budget and staffing of this federal agency. The average number of vendors for a single credit union can easily exceed one hundred, two hundred in the case of some larger credit unions.”
Number of New Hires Questioned
Antonini and NACUSO questioned how many employees NCUA will need to hire review all vendors, and cited a reduction in staff by the FDIC as an additional reason NCUA does not need to expand, saying, “the number of full time employees of NCUA has not, even as credit unions have decreased from 12,000 to 5,600 over the past fifteen years.”
Antonini said NCUA is funded by credit unions and that any additional expansion of authority will also needed to be funded by those same CUs.
“Prior to any such action dramatically expanding the scope of NCUA’s regulatory power and imposing yet more costs on credit union members, the question from our perspective should be whether the expansion of the scope and the resultant increase in costs is necessary and justified,” wrote Antonini. “NACUSO sees this request for unlimited vendor regulatory and supervisory authority for NCUA as an unjustifiable expansion of the agency’s authority that is, frankly, not needed, can be handled in another way and is being overseen effectively under existing authority.”
Antonini said NACUSO’s view is the agency has all the existing authority it needs for risk-evaluation purposes, stating “if NCUA has a problem with a risk posed by a CUSO, it has the power to compel changes through the CUSO’s owner credit unions.”
‘More Rifled Approach’
As for the primary issue raised by McWatters during his testimony, that of risk related to cyber security, Antonini said it could be dealt with with a “more rifled approach to regulation and supervision without opening the floodgates of additional regulation and supervision of every other type of credit union vendor…”
What’s really motivating NCUA, said Antonini, is nothing more than “envy.”
“In fact, NCUA concedes in their testimony before the committee that one justification for their expanded authority request to have unlimited regulatory and supervisory authority over all credit union vendors stems at least partly from a case of regulator envy with their banking counterparts such as the FDIC and OCC that have been allowed some self-limited vendor authority by Congress,” said Antonini. “This authority, coveted by NCUA for decades with no action by Congress to grant it despite the agency’s continued requests, enables the FDIC and OCC to examine cyber security issues at many of the larger and most widely utilized technology companies that serve financial institutions, both banks and credit unions. To add to these existing FDIC and OCC examinations, NCUA would like to add another set of regulatory and supervisory eyes. We find it unnecessary and counter intuitive to believe that the presence of a handful of NCUA examiners will find cyber security weaknesses at a leading data technology provider that could not be found by the examiners from the FDIC and OCC already examining them.”
If cybersecurity is the primary focus, the NACUSO letter states, then NCUA should “take advantage” of its affiliation with the Federal Financial Institutions Examination Council (FFIEC).