McHenry Calls for Financial Industry Cybersecurity Hearings
McHenry cites the recent Capitol One data breach as evidence that the hearings are needed.
The ranking Republican on the House Financial Services Committee is requesting hearings on data security in the financial industry, including the role that regulators play in the oversight of data protection.
“Over the last eight months, we’ve heard from chief executive officers and prudential regulators regarding the most significant issues facing the financial industry, and they all agree that cybersecurity and data protection are critical priorities,” Rep. Patrick McHenry (R-N.C.), wrote in a letter Wednesday to Financial Services Chairwoman Maxine Waters (D-Calif.).
In the letter, McHenry cites the recent Capitol One data breach as evidence that the hearings are needed.
McHenry requested that the hearings include an examination of third-party service providers—a thorny issue in the credit union community.
For several years, financial regulators have said that they need the power to examine such providers; the NCUA is the only prudential regulator without that power.
Credit union trade groups have argued that giving the NCUA that power would increase the regulatory burden that their institutions face.
NCUA board Chairman Rodney Hood has consistently said that cybersecurity is the issue that keeps him up at night.
Recently, the NCUA’s Inspector General’s office released a report that said the agency’s Office of Examinations and Supervision (ONES) does an “adequate” job of probing credit union cybersecurity effort.
ONES does not examine all credit unions—just federal credit unions and federally insured state-chartered credit unions with assets of $10 billion or more and the corporates.
The Inspector General said that ONES has adequately examined credit unions using its Automated Cybersecurity Examination Tool.
The Inspector General also said that the NCUA is in the process of updating its information technology examination program.
“NCUA management believes this approach will ensure the NCUA’s ability to consistently identify cybersecurity risk trends required to establish the priorities and scope of future IT examinations,” the IG said.