NEW: CUNA opposes CISA amendment granting NCUA vendor authority

August 5, 2015

WASHINGTON (8/5/15 UPDATED 3:35 p.m. ET)--CUNA opposes an amendment to the Cybersecurity Improvement Act that would grant the National Credit Union Administration additional authority to supervise third party vendors. CUNA wrote to Senate Majority Leader Mitch McConnell (R-Ky.) and Minority Leader Harry Reid (D-Nev.) today to outline its objections.

“We oppose this amendment because we believe it is unnecessary and would increase the regulatory burden to which credit unions are subject,” CUNA President/CEO Jim Nussle wrote. “In addition, we believe the scope of the amendment exceeds the scope of the legislation to which it is being proposed and should be considered first by the Banking Committee under regular order.”

CUNA adds that credit unions already face supervision for due diligence in third-party vendor relationships during regular examinations. In addition, a number of those vendors serve banks as well, and are thus subjected to supervision by banking regulators.

“We question what will be gained from this additional authority when credit unions are already required to perform due diligence on their third party relationships and such due diligence is presently subject to supervision by NCUA,” the letter reads. “We further question the need to extend this authority to credit union service organizations which are generally owned by credit unions, when NCUA is presently able to supervise them through the credit unions that own them.”

The NCUA currently does not have the capacity to supervise these entities, CUNA believes, and conveying this authority will require the agency to spend considerable credit union member resources to manage and implement this authority.

“While the amendment will not enhance the safety and soundness of the credit union system, it will make it more expensive for credit unions to serve their members,” Nussle wrote.