Learn more about Member Benefits
The Governmental Accountability Office released a report today that suggests
that federal depository institution regulators need better data analytics and
that depository institutions want more usable threat information. The report also made a key recommendation
related to vendor supervisory authority for NCUA.
The report identifies two key areas for improvement:
Regulators generally focused on IT systems at individual institutions but most
lacked readily available information on deficiencies across the banking system.
Although federal internal control standards call for organizations to have
relevant, reliable, and timely information on activities, regulators were not
routinely collecting IT security incident reports and examination deficiencies
and classifying them by category of deficiency. Having such data would better
enable regulators to identify and analyze trends across institutions and use
that analysis to better target areas for review at institutions.
regulators directly address the risks posed to their regulated institutions
from third-party technology service providers, but the National Credit Union
Administration (NCUA) lacks this authority. Cyber risks affecting a depository
institution can arise from weaknesses in the security practices of third
parties that process information or provide other IT services to the institution.
Bank regulators routinely conduct examinations of service providers'
information security. Authorizing NCUA to routinely conduct such examinations
could help it better ensure that the service providers for credit unions also
follow sound information security practices.
NCUA has advocated for additional vendor authority for
several years, and raised the issue earlier this year in testimony
before the Senate Banking Committee, suggesting such authority would represent
regulatory relief for credit unions.
CUNA opposes new statutory authority for NCUA to regulate
and supervise directly Credit Union Service Organizations (CUSOs) or other
third party entities that provide products and services to credit unions. Credit unions are subject to due diligence
requirements with respect to their relationships with third party vendors; we
believe that through the supervisory process NCUA has sufficient authority to
ensure that the vendors on which credit unions rely follow sound information
Champion for the Credit Union Movement
Credit Union National Association is the most influential financial services trade association and the only national association that advocates on behalf of all of America's credit unions. We work tirelessly to protect your best interests in Washington and all 50 states. We fuel your professional growth at every level and champion the credit union story at every turn.
© 2017 Credit Union National Association
ADA Compliance Notice & Legal
© 2017 Credit Union National Association |
ADA Compliance Notice & Legal