NCUA Asks Congress for Third-Party Vendor Supervision Powers
The NCUA has asked Congress for third-party vendor supervision powers, citing potential harm to the credit union industry. Learn why NAFCU disagrees.
Agency claims oversight capacity is necessary to avoid potential harm to credit union industry, but NAFCU disagrees.
The lack of third-party vendor supervisory powers poses numerous systemic risks, Kelly Lay, director of the National Credit Union Administration (NCUA)’s Office of Examination and Insurance, told a House task force Friday.
“The NCUA requires third-party vendor authority to safeguard not just the Share Insurance Fund, but the credit union system overall, which is a major pillar of our national economic system,” she told the House Financial Services Committee’s Artificial Intelligence Task Force.
Lay called on Congress to grant the NCUA that power. The House Financial Services Committee is scheduled on Tuesday to consider the Strengthening Cybersecurity for the Financial Sector Act of 2022 (H.R. 7022), a bill that would do just that.
“While there are advantages for credit unions to use these service providers, the high concentration of credit union services within third-party vendors presents safety and soundness risks for the industry,” she testified.
Lay added some vendors have refused to implement the NCUA’s recommendation to improve network security and safeguard member information, citing cost concerns.
Credit Union Advocacy Group in Opposition
However, Brad Thaler, Vice President of Legislative Affairs at the National Association of Federally-Insured Credit Unions (NAFCU), told the task force the NCUA does not need the additional powers.
“NAFCU believes in a strong NCUA, but we also believe that the NCUA should stay focused on where its expertise lies—regulating credit unions,” he wrote in a letter.
Thaler further noted the NCUA sits on the Federal Financial Institutions Examination Council (FFIEC) with other banking regulators. He said the council has restricted the NCUA’s access to third-party vendor reports—most likely due to the lack of statutory authorization.
That prohibition should be changed by the FFIEC, Thaler claimed.
“As a member of the FFIEC, the NCUA should be able to request the results of an examination of a core processor from the other regulators and not have to send another exam team from the NCUA into their business and duplicate an examination that has already taken place,” he stated.
Thaler added if FFIEC officials refuse to grant the NCUA access to their examinations, Congress should direct them to do so rather than giving the NCUA the power to conduct its own exams.
He said further the agency has not provided details about how much a new vendor supervision program would cost, noting that credit unions pay fees for NCUA activities.
To learn more about CUCollaborate's technology offerings, visit our Core Processor Evaluation and Selection Services consulting page and contact us today!