ARLINGTON, Va.–Following NCUA’s board meeting last week, NAFCU said it will be keeping an eye on developments around the agency’s push for third party vendor oversight authority.
Such authority has been a long-time objective of NCUA, which has noted it is the only federal regulator lacking the authority to oversee the various third parties with which credit unions have relationships.
All three NCUA board members have in the past expressed support for gaining such authority, but at the most recent meeting NCUA Chairman Rodney Hood offered a caveat.
During a presentation to the board on cybersecurity risks to credit unions, Hood said, “Let me now be very clear, I deeply believe that Congress should consider providing NCUA with vendor authority to allow the agency to better supervise third-party cyber security risk. But in my view, this should be done post pandemic recovery. I've made this request to members of the Senate Banking Committee through my recent letter and I do believe that providing vendor authority amid the pandemic will place additional burden on our staff as well as the industry at large. But I certainly would like to see us have this post recovery.”
‘A Complicated Question’
NAFCU EVP/General Counsel Carrie Hunt said the trade group was “happy” to see Hood call for the delay.
Both CUNA and NAFCU have opposed expansion of oversight authority to third parties.
“It’s a complicated question. If NCUA needs that authority, there are other ways to do it,” said Hunt.
Cybersecurity and its related costs, said Hunt, is an area where NAFCU disagrees with NCUA in terms of the actual risk.