CFPB’s VyStar Fine Has ICBA Exec Calling For Stricter Oversight

Independent Community Bankers of America (ICBA) president and CEO Rebeca Romero Rainey said the recent CFPB action against VyStar Credit Union highlights an oversight gap in need of urgent attention.

VyStar Credit Union was dinged for harming consumers through its botched rollout of a new online banking system. According to the CFPB, VyStar Credit Union transitioned to a new, dysfunctional online banking platform in May 2022 that made it difficult for members to perform basic banking functions for weeks, with some features unavailable for more than six months. Affected consumers were unable to manage their accounts, were charged late fees when their online bill payments did not go through, and were often unable to access their funds.

“Today’s Consumer Financial Protection Bureau penalty against VyStar Credit Union for harming consumers via a failed rollout of a new online system exemplifies the risks posed by the National Credit Union Administration’s (NCUA) inability to examine credit union third-party service providers,” Rainey said. “While the CFPB has ordered VyStar to make affected consumers whole and pay a $1.5 million civil penalty to the bureau’s victims relief fund, policymakers must provide the NCUA with the same authority that bank regulators use to supervise for cyber risk.”

Rainey said NCUA Chairman Todd Harper called the agency’s lack of authority a “regulatory blind spot”, meaning the agency doesn’t “necessarily know what is happening” with credit union cybersecurity and could leave the industry as the “soft underbelly” of the broader financial system. After a third-party service provider’s cybersecurity incident disrupted the daily operations of 60 credit unions last year and a separate credit union earlier this year breached the personal information of more than 1 million members during a ransomware attack, Harper recently noted that approximately 90% of the tax-exempt credit union industry’s assets are managed by third-party service providers with no NCUA oversight.

“This lack of regulatory oversight is particularly concerning given the surge in tax-exempt credit unions acquiring tax-paying community banks, with last week’s deal extending 2024’s single-year record,” Rainey added. “Bipartisan legislation introduced in the previous Congress to ensure the NCUA has the same authority as bank regulators to supervise for cyber risk is supported by the NCUA’s Harper and inspector general, the Government Accountability Office, and the Financial Stability Oversight Council, and we continue calling on lawmakers to reintroduce and pass this critical bill.”

“With recent ICBA polling conducted by Morning Consult showing 61% of U.S. adults say Congress should investigate whether credit unions should be able to acquire banks given credit unions’ tax and regulatory exemptions, it is past time for Congress to take a closer look at our nation’s outdated credit union policies and the harmful impact they are having on consumers, small businesses, and local communities nationwide.”


Register Now
Sponsored Links by DQ Promote

 

 

Send this to a friend