Matz comments on GAO’s NCUA vendor authority recommendation
ALEXANDRIA, VA (July 6, 2015) – NCUA Board Chairman Debbie Matz favorably commented today on the Government Accountability Office’s recommendation to Congress that NCUA be granted enhanced examination authority over third-party technology service providers.
“We need to close this regulatory blind spot and better protect the credit union system by providing NCUA with the power to examine and take enforcement actions at third-party vendors,” Matz said. “The GAO report’s recommendation reinforces NCUA’s long-standing request for legislative action and comes on the heels of a similar recommendation by the Financial Stability Oversight Council. Obtaining this authority would allow the agency to proactively address cyber threats and better position credit unions to avoid a crisis.”
Released late last week, the new GAO report examines financial institutions and cybersecurity risks. The GAO report is available online here.
The summary of the GAO report notes that “[c]yber risks affecting a depository institution can arise from weaknesses in the security practices of third parties that process information or provide other IT services to the institution. Bank regulators routinely conduct examinations of service providers’ information security. Authorizing NCUA to routinely conduct such examinations could help it better ensure that the service providers for credit unions also follow sound information security practices.”
In assessing current cybersecurity risks, GAO also references its 1999 and 2003 recommendations to provide NCUA with vendor authority. The 2003 assessment noted that third-party arrangements can help credit unions manage costs, provide expertise and improve services to credit union members, but they also present risks, such as threats to security systems, weakness of processing, availability and integrity of the systems.
Obtaining third-party vendor authority is NCUA’s top legislative priority.
NCUA is the independent federal agency created by the U.S. Congress to regulate, charter and supervise federal credit unions. With the backing of the full faith and credit of the United States, NCUA operates and manages the National Credit Union Share Insurance Fund, insuring the deposits of nearly 100 million account holders in all federal credit unions and the overwhelming majority of state-chartered credit unions. At MyCreditUnion.gov and Pocket Cents, NCUA also educates the public on consumer protection and financial literacy issues.