Carrie Hunt, senior vice president of Government Affairs and General Counsel for NAFCU, sent a letter to Senate Majority Leader Mitch McConnell (R-Ky.) and Minority Leader Harry Reid (D-Nev.) stating the trade organization does not support using credit union resources to expand the NCUA's examination authority.

"We believe that the agency already has the tools that it needs to address concerns with vendors," Hunt said in the letter. "The key to success with appropriate management of vendors is due diligence on behalf of the credit union. NAFCU supports credit unions being able to do this due diligence and the NCUA already offers due diligence guidance to credit unions. Giving the NCUA additional authority will require the agency to develop an additional outlay of agency resources, which will in turn necessitate higher costs to credit unions."

CUNA President/CEO Jim Nussle also sent a letter Wednesday to McConnell and Reid to encourage leadership to oppose the amendment, stating it is unnecessary and burdensome.

While the trades have long argued against regulatory overreach, Nussle said this amendment also exceeds the scope of the legislation to which it is being proposed and should be considered first by the Banking Committee under regular order.

"Credit unions are already supervised for due diligence in third-party vendor relationships during their regular examinations, and many of the third parties on which credit unions rely also serve banks and, therefore, are subject to supervision by banking regulators," Nussle wrote. "We question what will be gained from this additional authority when credit unions are already required to perform due diligence on their third-party relationships and such due diligence is presently subject to supervision by the NCUA. We further question the need to extend this authority to CUSOs, which are generally owned by credit unions, when the NCUA is presently able to supervise them through the credit unions that own them."

The GAO's last report, which recommended giving the NCUA vendor authority, was in response to a request from Congress on how to prevent cybersecurity hacks. The NCUA is the only regulator that does not have authority to examine third-party vendors and had previously told CU Times that obtaining that authority remains the NCUA's top legislative priority.

The NCUA said it supports the amendment.

"The NCUA is alone among financial institution regulators in lacking third-party vendor authority.," NCUA Public Affairs Specialist John Fairbanks said. "Both the Government Accountability Office and the Financial Stability Oversight Council have recommended the NCUA have the same authority as our fellow regulators. This is a critical area, particularly in the area of cybersecurity, and this authority would better enable the agency to address threats before they strike, provide better protection for credit unions and help avoid crises."

The NCUA said it already has the resources to manage third parties and would not need to hire additional staff to necessitate the change.

"We would reallocate existing resources and make it a priority to look at third-party vendors who present the greatest potential risk and were not already covered in the FFIEC's supervisory cycle," Fairbanks said.

As of Wednesday, the Senate will only look at 21 of the 71 amendments that had been proposed and even then, the cybersecurity bill, CISA, won't be addressed by the Senate until after the summer recess. Democrats will get 11 amendments and Republicans will have 10, with Warren's amendment being pushed to the back burner, according to a Washington insider. The bill in its entirety is at risk of being voted down despite support from the White House due to concerns from Republicans that it would allow everyone from financial institutions to social media companies to secretly share the private information of their users and customers with the federal government.