Credit Unions Share Cybersecurity, Reg Burden Concerns: Video CUTs
Credit union executives attending the event said the issue was top of mind for them, too.
Daniel Waltz, president/CEO of the $204 million Southern Mass Credit Union in Fairhaven, Mass., said his credit union wants lawmakers to address the merchants' responsibility when a data breach occurs.
“It's been a very expensive proposition for us when retail merchants compromise our data and we have to reissue debit cards for our members and notify them of the compromise – that has been a problem for several years starting in the early 2000s and it hasn't been properly addressed since then,” he said.
President/CEO Jane Dobbs of the $137 million Canyon State Credit Union in Phoenix, Ariz., cited the data breach issue as her credit union's top priority, particularly the notification responsibility for retailers. Dobbs said retailers should have to disclose when the breach occurs so credit unions are not learning about the incident 10 to 12 months later.
“Meanwhile, our members have been affected for over a long period of time,” she said. “We spent a lot of time talking about data breaches and mentioned our members' specific situations to really bring it home.”
In addition, Dobbs said she discussed raising the member business lending cap to 27% with lawmakers as well as the maintaining the credit unions' non-profit status.
Eddie Todd, a member of the board of directors of the $18.6 million Chicago Post Office Employees Credit Union in Chicago Ill., also highlighted data security as his credit union's greatest concern.
“With so many of the credit unions being small we don't have the resources. The talent is just not there. We need the government to bring the talent in and work with us and help us because they [hackers] could use small institutions to get into larger ones. Our members are everywhere and they are working with everything so once they get into one account, they're going to get into any account,” he said.
Regulatory burden was a trouble issue for Michael Ostrowski's list is protecting the credit union tax exemption and supplemental capital. The leaders of his credit union, the $119 million STCU in Springfield, Mass., raised the issue with Sen. Elizabeth Warren (D-Mass.) in a meeting after her remarks at GAC. Ostrowski said regulatory burden on smaller credit unions gets tougher to deal with each year.
“It's difficult to stay with your mission when you have to deal with all those things,” he said, citing the CFPB's rules as an example.
“All of that seems to be compounding itself and we don't know what the ultimate goal is, and what's going to end up happening because it's still changing and being put together. It was encouraging hearing Sen. Warren talk about a few different things and how she framed it,” he said.
Ostrowski said he also discussed protecting the credit union tax exemption and supplemental capital with the senator, who is a member of the Senate Banking Committee.
The NCUA’s risk-based capital proposal was another common concern for credit union executives attending the conference.
“The new risk-based capital proposal is far better than the first one we received with the risk-weightings. We are very happy with a lot of the changes that were made but there are still some elements we are concerned about,” Suzanna Weinstein, chief financial officer of the $192 million Orlando Federal Credit Union in Orlando, Fla., said in an interview at the conference.
“We need to comment on the written plan that's going to be required for our capital. Within that written plan, the proposal targets complex credit unions. It's not a one measurement fits all. Every institution is different,” she added.
To group credit unions with more than $100 million in assets into one regulated group is difficult, Weinstein added.
Bogdan Chmielewski, president/CEO of the $1.6 billion Polish & Slavic Federal Credit Union in Brooklyn, N.Y., said he wants Congress to ensure the NCUA cannot change capital requirements again after the proposed rule is finalized.
“I know we have the second proposal that is much better but there are a lot of questions to be asked and the proposal requires many changes and adjustments,” he said. “I don't want the NCUA or any other regulator stepping in to make significant changes that we are not aware of right now. If they do something, this is the final version, and there won't be any room for manipulation of the entire proposal. I think that's the issue we should bring to members of Congress.”
Chmielewski said he was also concerned about cybersecurity.
“The credit unions and other financial institutions are paying the price for the breaches and merchants are totally unaccountable for them,” he said.