WASHINGTON—NAFCU, CUNA and NACUSO are all urging the Senate to oppose an amendment that has been proposed that would give NCUA the authority it has been seeking to regulate and examine third-party providers to credit unions.
The amendment (SA 2607), offered by Sen. Elizabeth Warren (D-MA), would be attached to S.2588, the Cybersecurity Information Sharing Act (CISA).
In separate comment letters to Senate leadership, NAFCU, CUNA and NACUSO said granting NCUA such authority would be a costly regulatory overreach on the credit union industry, increasing CU regulatory burden.
“NAFCU does not support spending credit union resources to expand NCUA’s examination authority into non-credit union third parties,” said NAFCU SVP-General Counsel Carrie Hunt in a letter. “While NCUA contends that examination and enforcement authority over third party vendors (service providers) will provide regulatory relief for the industry, NAFCU and our members firmly believe that such authority is unnecessary and will require considerable expenditure of the agency’s resources and time. NAFCU disagrees with the assertion that third party vendor examination and enforcement authority will provide any significant improvement to credit union safety and soundness or help the agency address cybersecurity concerns…We believe that the agency already has the tools that it needs to address concerns with vendors. The key to success with appropriate management of vendors is due diligence on behalf of the credit union. NAFCU supports credit unions being able to do this due diligence and NCUA already offers due diligence guidance to credit unions. Giving NCUA additional authority will require the agency to develop an additional outlay of agency resources, which will in turn necessitate higher costs to credit unions.”
CUNA President and CEO Jim Nussle said the trade association opposes this amendment because “we believe it is unnecessary and would increase the regulatory burden to which credit unions are subject. In addition, we believe the scope of the amendment exceeds the scope of the legislation to which it is being proposed and should be considered first by the Banking Committee under regular order.”
Nussle added that credit unions are already supervised for due diligence in third-party vendor relationships during their regular examinations, and many of the third parties on which credit unions rely also serve banks and “therefore, are subject to supervision by banking regulators. We question what will be gained from this additional authority when credit unions are already required to perform due diligence on their third party relationships and such due diligence is presently subject to supervision by NCUA.”
The National Association of Credit Union Service Organizations (NACUSO) has also sent a comment letter expressing its strong objections to the proposal.
“NACUSO opposes the amendment because it is unnecessary and would significantly increase the regulatory burdens to which credit unions are subject,” the organization said. “NCUA is funded by assessing credit unions which are non-profit financial cooperatives. It is the credit union members that pay for NCUA’s operations. NACUSO believes that the costs of regulation should only be imposed if the reasons are compelling. No such reasons exist here…NCUA has increased its budget in the past five (5) years by over 75% and the NCUA staff has increased over 35%. NCUA now wants to extend its authority over the hundreds and hundreds of credit union vendors without any restrictions. If passed NCUA would not only have authority over core processors, NCUA would also have examination authority over landscapers and janitors.”
NACUSO told Congress NCUA already has authority to review vendor relationships, noting that the agency has required credit unions to compel their CUSOs through contractual duties to directly report information to the agency