CRS: Credit unions vulnerable since NCUA doesn’t have vendor authority

Congress’s research arm joins chorus of other agencies saying NCUA needs vendor authority

Yet another federal government agency, the Congressional Research Service, is warning that as credit unions use more technological services, they face significant operational risks because the National Credit Union Administration lacks supervisory powers over third-party vendors.

“Small financial institutions—particularly those providing financial services primarily to underserved communities, which would include mission-driven credit unions—face significant challenges when attempting to acquire new technologies,” the CRS said, in a new report. “With growing reliance on [technology service providers], the NCUA (as well as the federal bank regulators) is increasingly concerned with operational risks—the risk of loss having to do with failed internal controls, people, systems, or external events.” The CRS said that operational risks can increase the potential for systemic risk, such as panic runs on depository institutions.

Unlike federal banking regulators, such as the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corp., the NCUA does not have supervisory powers over third-party providers.

The NCUA’s Inspector General, the Government Accountability Office, and the Financial Stability Oversight Council have called on Congress to extend supervisory powers to the NCUA, but so far, no legislation doing that has been enacted.


continue reading »