NCUA Wants New Power Over OutsideVendors

WASHINGTON - (05/18/05) -- NCUA asked Congress Wednesday torestore authority it had briefly during the Y2K scare to examineand monitor independent third-party credit union vendors to help itcombat the growing threat of security breaches. NCUA GeneralCounsel Robert Fenner, noting the increasing incidents of computersystems breach infecting credit unions, told a House FinancialServices subcommittee the additional authority over serviceproviders will help the federal regulator better monitor risk andprotect credit union members' financial data. Fenner detailed thegrowing numbers of security breaches that are harming creditunions, including last year's theft of data at BJ's Wholesale Club,the theft of a hard drive from California CU in 2003, the theft ofmember data from Schools Financial CU and Redwood CU last year froma third-party processor in California, and growing incidents of'phishing,' 'pharming,' and other online fraud schemes. Otherfederal regulators currently have authority to audit and monitorthird-party vendors, helping them to protect data security. "In theabsence of such authority," Fenner told lawmakers, "NCUA hasoccasionally experienced difficulty in obtaining the fullcooperation of vendors, and in obtaining key documents." NCUA wasgiven authority over third-party vendors to help deal with thethreats with the Y2K computer issue but hat authority expired afterthe threat receded. The NCUA proposal is in for a tough fightbecause the credit union lobby, which usually works closely withthe agency on legislative matters, has vowed to opposeit.