CUNA has several concerns with draft legislation that would grant NCUA direct supervisory authority over third party vendors and credit union service organizations, it wrote to leadership of the House Financial Services Task Force on Financial Technology Thursday.

“Despite our reservations with the proposal and our association policy to oppose extending this authority to NCUA, in the interest of ensuring that our nation’s information security apparatus is as strong as it needs to be to combat cyberattack and data breach, we are open to continued dialogue regarding proposed amendments to the BSCA that could augment NCUA’s current oversight of third-party vendors and CUSOs,” the letter reads. “We have discussed this topic in detail with our membership committees and look forward to working with all stakeholders on this issue.”

CUNA’s concerns with the draft legislation include:

• NCUA has exercised very effective regulation of CUSOs and third-party vendors without the authority, rendering the change proposed in the draft legislation a solution in search of a problem;
• Extending this authority to NCUA could result in the agency increasing its budget to hire personnel with appropriate expertise to supervise these organizations; and
• NCUA has yet to develop a clear vision of the scope of this authority or how they would implement it. This has made it impossible for CUNA to assess the impact it would have on credit union operations.

Questions or concerns about the draft legislation, and cyber-security in general, can be directed to CUNA Senior Director of Advocacy and Senior Counsel for Payments and Cybersecurity Lance Noggle at lnoggle@cuna.coop.