WASHINGTON — Credit union trade groups want U.S. Senate leaders to oppose an amendment to the Cybersecurity Information Sharing Act (CISA) that would give NCUA the authority to regulate and examine third-party vendors to CUs.
Earlier this week, Democratic Sen. Elizabeth Warren of Massachusetts offered the amendment, SA 2607, which would be attached to CISA.
The NCUA argues that vendor authority is necessary, but, NAFCU and CUNA disagree.
"NAFCU does not support spending credit union resources to expand NCUA's examination authority into non-credit union third parties," wrote NAFCU SVP of Government Affairs and General Counsel Carrie Hunt in a letter to Senate Majority Leader Mitch McConnell and Minority Leader Harry Reid. "While NCUA contends that examination and enforcement authority over third party vendors (service providers) will provide regulatory relief for the industry, NAFCU and our members firmly believe that such authority is unnecessary and will require considerable expenditure of the agency's resources and time."
The tools NCUA already offers to credit unions that address concerns with vendors, such as the agency's diligence guidance, are sufficient, according to Hunt. "Giving NCUA additional authority will require the agency to develop an additional outlay of agency resources, which will in turn necessitate higher costs to credit unions," she added.
In his letter to the two Senate leaders, CUNA President and CEO Jim Nussle wrote that his trade group opposes the amendment "because we believe it is unnecessary and would increase the regulatory burden to which credit unions are subject. In addition, we believe the scope of the amendment exceeds the scope of the legislation to which it is being proposed and should be considered first by the Banking Committee under regular order."
In addition, the amendment would not" enhance the safety and soundness of the credit union system, according to Nussle. Instead, it would "make it more expensive for credit unions to serve their members. The cost of doing business with providers that are already subject to supervision by other regulators will increase as they pass along the incremental cost of additional NCUA supervision on to the credit unions."
