[Congressional Bills 117th Congress]
[From the U.S. Government Publishing Office]
[S. 4698 Introduced in Senate (IS)]
<DOC>
117th CONGRESS
2d Session
S. 4698
To amend the Federal Credit Union Act to modify requirements relating
to the regulation and examination of credit union organizations and
service providers.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
August 1, 2022
Mr. Ossoff (for himself, Ms. Lummis, and Mr. Warner) introduced the
following bill; which was read twice and referred to the Committee on
Banking, Housing, and Urban Affairs
_______________________________________________________________________
A BILL
To amend the Federal Credit Union Act to modify requirements relating
to the regulation and examination of credit union organizations and
service providers.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Improving Cybersecurity of Credit
Unions Act''.
SEC. 2. FINDINGS.
Congress finds the following:
(1) Until 2001, the National Credit Union Administration
(referred to in this section as the ``NCUA'') maintained third-
party examination authority over credit union organizations.
(2) As of the date of enactment of this Act, other Federal
and State bank supervisors maintain third-party examination
authority over bank service companies pursuant to the Bank
Service Company Act (12 U.S.C. 1861 et seq.).
(3) The Government Accountability Office, the Financial
Stability Oversight Council, and the Inspector General of the
NCUA have all requested the restoration of the NCUA's third-
party vendor authority.
(4) As of the date of enactment of this Act, significant
cybersecurity threats threaten credit unions and the economy of
the United States.
(5) By giving the NCUA examination parity with other
Federal and State bank supervisors, and restoring third-party
examination authority to the NCUA, this Act, and the amendments
made by this Act, will protect credit union customers and
strengthen credit unions against cybersecurity risks, privacy
violations, and anti-money laundering concerns.
SEC. 3. REGULATION AND EXAMINATION OF CREDIT UNION ORGANIZATIONS AND
SERVICE PROVIDERS.
(a) In General.--The Federal Credit Union Act (12 U.S.C. 1751 et
seq.) is amended by striking section 206A (12 U.S.C. 1786a) and
inserting the following:
``SEC. 206A. REGULATION AND EXAMINATION OF CREDIT UNION ORGANIZATIONS
AND SERVICE PROVIDERS.
``(a) Regulation and Examination of Credit Union Organizations.--
``(1) General examination and regulatory authority.--A
credit union organization shall be subject to examination and
regulation by the Board to the same extent as an insured credit
union.
``(2) Examination by other banking agencies.--The Board may
authorize any of the following entities to make an examination
of a credit union organization in accordance with paragraph
(1):
``(A) Any Federal regulatory agency that supervises
any activity of a credit union organization.
``(B) Any Federal banking agency that supervises
any other person who maintains an ownership interest in
a credit union organization.
``(b) Applicability of Section 206.--A credit union organization
shall be subject to the provisions of section 206 as if the credit
union organization were an insured credit union.
``(c) Service Performed by Contract or Otherwise.--Notwithstanding
subsection (a), if an insured credit union or a credit union
organization that is regularly examined or subject to examination by
the Board, causes to be performed for itself, by contract or otherwise,
any service authorized under this Act, or in the case of a State credit
union, any applicable State law, whether on or off its premises--
``(1) such performance shall be subject to regulation,
examination, and enforcement by the Board to the same extent as
if such services were being performed by the insured credit
union or credit union organization itself on its own premises;
and
``(2) the insured credit union or credit union organization
shall notify the Board, in a manner and method prescribed by
the Board, of the existence of the service relationship not
later than 30 days after the earlier of--
``(A) the date on which the contract is entered
into; or
``(B) the date on which the performance of the
service is initiated.
``(d) Administration by the Board.--The Board may issue such
regulations and orders as may be necessary to enable the Board to
administer and carry out this section and to prevent evasion of this
section.
``(e) Definitions.--For purposes of this section--
``(1) the term `credit union organization' means any entity
that--
``(A) is not a credit union;
``(B) is an entity in which an insured credit union
may lawfully hold an ownership interest or investment;
and
``(C) is owned in whole or in part by an insured
credit union; and
``(2) the term `Federal banking agency' has the same
meaning as in section 3 of the Federal Deposit Insurance Act.
``(f) Exercise of Authority.--To minimize duplicative efforts,
prior to conducting any examination of a credit union organization
under the authority provided to the Board under this section, the Board
shall first seek to collect any information which the Board intends to
acquire through such examination from--
``(1) any Federal regulatory agencies that supervise any
activity of that credit union organization; and
``(2) any Federal banking agency that supervises any other
person who maintains an ownership interest in that credit union
organization.''.
(b) Approval.--Any changes to the budget of the National Credit
Union Administration Board as a result of the amendments made by
subsection (a) shall be featured in a public hearing, subject to public
comment, and approved by the Board.
<all>