NCUA Chairman Debbie Matz noted in the Feb. 20 CU Times article, "NCUA Ramps Up Vendor Oversight," that NCUA third-party vendor examination authority was necessary now more than ever due to cyber threats.  While cybersecurity is an extremely important issue, NAFCU does not believe that cybersecurity and third-party vendor authority go hand in hand. As we have consistently maintained, NAFCU believes the agency's bid for third-party vendor examination authority is unnecessary given that the NCUA is already authorized to thoroughly regulate credit unions and their third-party relationships. Further, NAFCU questions the NCUA's choice to prioritize this request on its legislative agenda, and we firmly disagree with the NCUA's assertion that such authority would provide any regulatory relief for credit unions.

If the NCUA were granted this authority, it would only increase credit unions' already excessive regulatory burden and would do nothing to enhance credit unions' safety and soundness or provide any regulatory relief.  In all of its recent pushes for third-party vendor authority, the NCUA has yet to state what additional resources would be required, and how much these would cost credit unions. NAFCU believes such authority will require considerable expenditure of the agency's resources and time.

We have lost more than 1,000 credit unions at a clip of over 200 per year since the implementation of the Dodd-Frank Act. Credit unions cannot afford to have the NCUA pursue authorities that would require spending credit union resources to expand the NCUA's examination authority into non-credit union third parties with unclear results. NAFCU disagrees with the NCUA's reliance on an anomaly, such as a CUSO causing a loss to the NCUSIF, to justify an expensive regulatory regime that will not result in a safer or more sound system.  Simply put, expanded authorities do not always equate to better outcomes.