Sens. Introduce Bill to Give NCUA Third-Party Vendor Oversight Powers
Agency has requested supervisory authority to assess cybersecurity risks, but the move is opposed by credit union trade groups.
Three senators this week introduced legislation that would give the NCUA oversight powers over credit union third-party vendors.
S. 4698 was introduced by Sen. Jon Ossoff, D-Ga., and is cosponsored by Sens. Cynthia Lummis, R-Wy., and Mark Warner, D-Va.
Sponsors of the legislation said the bill would empower the NCUA to assess cybersecurity risks posed by service providers and take action to protect credit union members.
It also would give the agency the same powers that other banking regulators have over third-party vendors. Currently the NCUA and the Federal Housing Finance Agency (FHFA) are the only financial regulators without that power.
Senator Jon Ossoff of Georgia
“Georgians should not have to fear that their identity or data could be stolen by hackers who target their bank or credit union,” Ossoff stated. “This bipartisan bill will strengthen protections against hacking and identity theft.”
The House version of the FY23 defense authorization legislation includes a similar provision.
The NCUA’s Position
Members of the NCUA board, the agency’s inspector general and the Financial Stability Oversight Council have called for granting the agency oversight powers.
The lack of third-party vendor supervisory powers poses numerous systemic risks, Kelly Lay, director of the NCUA’s Office of Examination and Insurance, told a House task force in May.
Response From Credit Union Groups
Credit union trade groups have consistently opposed the proposal. NAFCU earlier this year questioned whether the agency has the necessary expertise to police vendors. The trade group also questioned the cost of implementing such an oversight program.