House expected to address third party vendor authority in upcoming hearing, legislation

October 17, 2019

The House Financial Services Committee Taskforce on Artificial Intelligence will convene a hearing Friday to address the growing number of data and cybersecurity attacks targeting the financial services industry. As policymakers seek to patch several cybersecurity policy holes, CUNA anticipates that legislation will be put forth that would extend to NCUA the authority to oversee credit union service organizations (CUSOs) and other third party vendors, and expand credit unions’ ability to invest in CUSOs.

As the financial services industry becomes increasingly reliant upon third-party vendors and their service providers to provide cutting-edge digital services, Congress has become increasingly concerned that bank regulators do not have sufficient authority to supervise these vendors. Congress is further concerned that the NCUA does not currently have any authority to regulate and supervise CUSOs. 

"This provides a unique opportunity for credit unions to engage policymakers to address concerns in the drafting process," said Lance Noggle, CUNA senior director of advocacy and senior counsel for payments and cybersecurity. "We are eager to hear credit unions’ reaction to this legislation and any concerns that they may have, which could be addressed during Congressional consideration or in a potential rulemaking process."

Questions or concerns about the draft legislation and cyber-security in general can be directed to Noggle at