CUs gearing up to tackle shifting regulatory landscape in 2019

With control of the House set to change hands next month, credit union advocates are reshuffling their priorities and shifting the focus from regulatory relief to cybersecurity and data breaches, among a host of other topics.

A recent report from Juniper Research predicts total costs of cybercrime will surpass $2 trillion next year, and credit unions and other financial institutions could be among those who take a hit. That’s the primary concern for Dan Berger, president and CEO of the National Association of Federally-Insured Credit Unions, since CUs continue to be on the hook for consumer losses due to cybersecurity lapses at merchants and vendors.

CUJ 121718 reg outlook 2019.jpeg

The good news, noted Ryan Donovan, chief advocacy officer at the Credit Union National Association, is that cybersecurity could be one of the rare bipartisan items that gains a foothold in a divided Congress.

“I don’t think this issue has been a partisan issue,” Donovan explained. “The complication in Congress is that when you introduce a piece of legislation addressing data breach, it gets referred to two or three different committees.”

And that, added Donovan, is where problems arise. Legislation can fall to either the House Financial Services Committee, the Energy and Commerce Committee (which relates to merchants) or, in some instances, the Judiciary Committee (which relates to liability questions).

“What we’re hoping for is that the broader data privacy issue is going to help us break that logjam, and the reason that we have hope is that Congress, we believe, is going to be under some pressure over the next two to three years to establish a federal data privacy standard,” he explained.

The conversation, Donovan said, shouldn’t solely focus on privacy concerns but also onto the entities that securely manage consumer data. He also believes legislators will feel pressure not just as a result of the EU’s General Data Protection Regulation, but upcoming privacy regulations in California, which are set to take effect in 2020.

Despite the prospects for progress on cybersecurity, some sources indicated any larger efforts for regulatory relief will be shut out by a divided Congress.

Dennis Dollar, Dollar Associates

"The divided control of Congress will make any type of regulatory relief for financial institutions, including credit unions, almost impossible,” wrote Dennis Dollar, a credit union consultant and former NCUA chairman.

Dollar predicted House Democrats are likely to kill a majority of regulatory relief measures delivered from a Republican Senate and, alternatively, that Senate Republicans will shoot down any additional regulatory measures issued from the Democratic House.

“It will be total stalemate, which is both a blessing and a curse for credit unions - depending upon the issue,” he wrote.

And with the impending 2020 presidential election, Congressional attention will also be placed elsewhere.

“A lot of folks will have to watch on what they have to vote on,” said Geoff Bacino, a former NCUA board member and consultant at Bacino & Associates. “I think the Republicans will try to force votes that could put Democratic candidates or potential candidates in a bad light. It’s not the best way of government, but it’s the way the government works now.”

John McKechnie

John McKechnie, a DC-based consultant and former NCUA and CUNA staffer, offered a similar take.

“Divided government on Capitol Hill is going to slow, if not stop entirely, the pendulum swing in the direction of deregulation,” said John McKechnie, a DC-based consultant and former NCUA and CUNA staffer. But that doesn’t mean laws that have a major impact on CUs can’t get through, and one McKechnie said he believes not enough in the industry are paying attention to is Sen. Elizabeth Warren’s proposal to revamp CRA to include credit unions.

“There are other lawmakers [in addition to Warren] and several prominent consumer groups who have long advocated for credit unions to be under CRA,” he said. “Watch closely how the new Democratic majority in the House approaches that issue. I wouldn’t be terribly surprised if somebody raises it in the context of a bill or a hearing. Credit unions have a very strong case to make that we are CRA in action, but thinking we have a strong case and making it are two different things, so we need to be ready to step forward on that.”

And with Congress at loggerheads, that puts the onus on regulators, including both NCUA and the Consumer Financial Protection Bureau. For its part, NCUA has attempted to help mitigate cybersecurity risk by reiterating its request to Congress for third-party vendor oversight. And while those requests haven’t gone far in the past, things could be different in 2019.

“In this environment, anytime you mention the word cybersecurity, members of Congress appear to be willing to grant whatever the regulator asks for,” said McKechnie.

As for NCUA, the new year will bring further fights related to the ongoing field of membership case, as well as the possibility of additional delays to implementation of the risk-based capital rule. A Senate bill was introduced last week that would push the effective date back one additional year, to Jan. 2019.

And if credit unions don’t like what NCUA has up its sleeve, just be patient – despite the board being short-handed now, Mark McWatters’ term expires in 2019, leaving open the possibility of an entirely new board by year-end.

Aaron Passman contributed to this report.

For reprint and licensing requests for this article, click here.
Law and regulation Cyber security Cyber attacks CRA Data privacy Data privacy rules NAFCU CUNA NCUA Washington
MORE FROM AMERICAN BANKER