Re: Oppose SA 2607 to the Cybersecurity Information Sharing Act of 2015 (CISA)
Dear Leader McConnell and Leader Reid:
On behalf of the National Association of Federal Credit Unions (NAFCU), the only trade association exclusively representing the federal interests of our nation’s federally-insured credit unions, I write today to urge the Senate to oppose Senator Warren’s amendment (SA 2607) to CISA that would give the National Credit Union Administration (NCUA) authority to regulate and examine service providers to credit unions. Such authority would be a costly regulatory overreach on the credit union industry.
NAFCU does not support spending credit union resources to expand NCUA’s examination authority into non-credit union third parties. While NCUA contends that examination and enforcement authority over third party vendors (service providers) will provide regulatory relief for the industry, NAFCU and our members firmly believe that such authority is unnecessary and will require considerable expenditure of the agency’s resources and time. NAFCU disagrees with the assertion that third party vendor examination and enforcement authority will provide any significant improvement to credit union safety and soundness or help the agency address cybersecurity concerns.
We believe that the agency already has the tools that it needs to address concerns with vendors. The key to success with appropriate management of vendors is due diligence on behalf of the credit union. NAFCU supports credit unions being able to do this due diligence and NCUA already offers due diligence guidance to credit unions. Giving NCUA additional authority will require the agency to develop an additional outlay of agency resources, which will in turn necessitate higher costs to credit unions.
NCUA is a member of the Federal Financial Institutions Examination Council (FFIEC) which was created to coordinate examination findings and approach in the name of consistency and to avoid duplication. NCUA has failed to demonstrate how the status quo is a detriment the credit union system, and in fact, NAFCU believes this authority with detract from the agency’s core mission. NAFCU fully supports a safe and sound credit union system, but we do not believe this costly example of regulatory overreach will provide any additional benefit.
It is with these concerns in mind that we urge to Senate to reject Senator Warren’s amendment (SA 2607) that would give NCUA authority to examine credit union service providers. Thank you for your consideration and attention to this important issue. If we can answer any questions or provide you with further information on this matter, please do not hesitate to contact myself or NAFCU’s Vice President of Legislative Affairs, Brad Thaler, at 703-842-2204.
Sincerely,
Carrie R. Hunt
Senior Vice President of Government Affairs and General Counsel
cc: Members of the United States Senate