WASHINGTON–Draft legislation in Congress that would give NCUA oversight authority over CUSOs and other third-party providers is getting a cool response from the credit union trade groups, although CUNA has indicated some receptiveness to agency oversight related to cybersecurity and anti-money laundering.
As CUToday.info reported here, the discussion draft of legislation represents a long-time priority for NCUA and has been a priority for numerous members of its board, including its current three members. The agency argues other regulators have the authority and that the inability to oversee the many vendors, including CUSOs, to credit unions creates numerous vulnerabilities, most especially in data security.
The discussion draft, circulating under the title “The NCUA Oversight of Third Party Vendors Act,’ would authorize section 206A of the Federal Credit Union Act to provide the oversight authority it is seeking. But it is not the only such draft legislation in the works (see related story).
‘Naturally Skeptical’
CUNA’s chief advocacy officer, Ryan Donovan, noted NCUA once before had some vendor oversight, during the lead up to the year 2000 and concerns over data interruptions due to the Y2K bug, but that was specifically targeted to those circumstances and the authority expired in 2001.
“We are naturally skeptical of new authorities for NCUA, particularly in areas with little or no expertise,” said Donovan.
But, added Donovan, CUNA also recognizes there are growing threats from related to cybersecurity and breaches, as well as AML, and that when credit unions engage with a third party provider they expect the risk to be “limited.”
CUNA does not want to see oversight authority extended to all providers and all types of solutions, he said.
“We are unable to support the legislation at this time,” said Donovan. “We will continue to work with committee to tailor it so it targets high-risk areas such as cybersecurity and AML and ensures that credit unions don’t pay higher direct or indirect costs as a result of NCUA exercising this authority.”
‘Tools Already in Place’
In a letter to the House, NAFCU VP-Legislative Affairs Brad Thaler said the trade group is “opposed to the discussion draft of the “NCUA Oversight of Third Party Vendors Act” that has been proposed aspart of the hearing.
“NAFCU and our member credit unions believe that cybersecurity, including the security of vendorsthat credit unions do business with, is an important issue,” wrote Thaler. “However, we are opposed togranting additional authority to NCUA to examine third parties at this time. NAFCU believes in astrong NCUA, but we also believe that the NCUA should stay focused on where their expertise lies—regulating credit unions. Credit unions fund the NCUA budget. Implementing such new authorityfor NCUA would require significant expenditures by the agency. The history of NCUA’s budgetgrowth has shown that these costs would ultimately be borne by credit unions and their members.”
Thaler wrote that “other tools already in place for the agency to get access to information about vendors” and that the agency would be better served by focusing on reducing regulatory burden. As a member of the Federal Financial Institutions Examination Council (FFIEC) along with the FDIC and Fed, said Thaler, “NCUA should be able to request the results of an examination of a core processorfrom the other regulators and not have to send another exam team from NCUA into their business and duplicate an examination…This would address NCUA’s concerns without creating additional costs to credit unions and increasing regulatory burdens on credit unions and small businesses.”
Other Points Made in Letter
In the same letter, Thaler also said:
- In response to the National Credit Union Share Insurance Fund (NCUSIF) and a request by NCUA Chairman Todd Harper for Congress to make statutory changes to allow the agency more authority to make changes to the NCUSIF, Thaler wrote, “The fact that the SIF has fared so well during the past 12 months provides ample evidence that the fund is strong and that credit unions were well-capitalized and had strong balance sheets entering the crisis. This provided them with the necessary scope to extend assistance to their members during the pandemic. The current language of the Federal Credit Union Act (FCU Act) creates this strong insurance fund for credit unions. We caution against any calls for statutory changes to the SIF that go against the spirit of this provision of the Act – a provision that is designed not only to keep credit unions healthy, but also keep funds available to credit union members,” concluded Thaler.
- NAFCU supports a proposal to allow all credit unions to add underserved areas to their fields of membership and grant member business lending exemptions for certain loans in underserved areas
- NAFCU supports repeal of the OCC’s “True Lender” Rule
- Called for making recent changes to the Central Liquidity Facility permanent
- Called for study of a strategic plan to make it easier to establish new credit unions
- Reiterated NAFCU’s opposition of efforts to extend debit interchange price caps or routing requirements to credit cards
The full NAFCU letter can be found here.