NCUA Details Its AI Programs, Asks Congress for Third-Party Vendor Authority

During a Friday hearing on Capitol Hill about artificial intelligence and regtech, an official with the NCUA testified about the AI challenges facing the agency and the growing need for approval from Congress for the NCUA to have third-party vendor authority over the organizations supplying AI technology to credit unions.

Members of the House of Representatives Committee on Financial Services Task Force on Artificial Intelligence listened to testimony from NCUA Director of the Office of Examination and Insurance Kelly Lay, who stated the agency was deep into testing and deploying AI and machine learning technology to validate data more efficiently for quarterly Call Reports.

“This technique automatically clusters credit unions into various buckets and is more appropriate for time-series data,” Lay said. “Further, this technique employs forecasting models comparing actual and predicted values to identify outliers. Deployment of this new technique is expected to occur in the next four quarters and should result in more reliable and consistent Call Report filing across the credit union industry.”

Lay indicated the NCUA was also in the process of researching robotics automation perform routine tasks during examinations. “Examiners could use this tool during examinations to perform various scope steps that currently require extensive manual review or input. The NCUA could save examination time, increase productivity and reduce human errors by deploying this technology,” Lay said.

Other AI-related projects in the works, according to Lay, consist of a “data-driven supervisory initiative with its largest credit unions.”

While the NCUA appears to be on a robust AI path, Lay said the agency “does not have a budget dedicated strictly for AI, and the acquisition of such technology requires immense resources.”

Lay’s comments reflected the AI challenges faced by many credit unions that have contracted with third-party vendors to supply AI technology. As credit unions continue to sign up for these out-of-house services, the NCUA has no authority to regulate or monitor these vendors. The NCUA wants Congress to give them that authority – an ask made numerous times by the agency in the past year.

“In general, credit unions are small, not-for-profit institutions and may not possess sufficient expertise to properly conduct due diligence on what is rapidly becoming a very complex ecosystem of third-party vendors,” Lay said. “These smaller institutions may neither have the economies of scale nor the expertise necessary for sophisticated analytics. While small credit unions play a vital role in their communities, they are commonly short-staffed and may lack the resources required to keep abreast of evolving AI technologies.”

She added, “The continued transfer of operations to CUSOs and other third parties hampers the ability of the NCUA to accurately assess the risks present in the credit union system and determine if current CUSO or third-party vendor risk mitigation strategies are adequate.”

In a statement, NAFCU Vice President of Legislative Affairs Brad Thaler pushed back on the NCUA’s ask for third-party vendor authority. He stated the agency already has tools in place to access third-party vendor information and if Congress gives the NCUA that power, it would result in increased expenditures for the NCUA and for the industry at large.

“NAFCU believes in a strong NCUA, but we also believe that the NCUA should stay focused on where their expertise lies – regulating credit unions,” Thaler wrote in a letter to Committee Task Force members.

He suggested that Congress should require the agency to better analyze the cost benefit of creating a new supervision program, instead of the agency getting the information from FFIEC agencies. “The NCUA should also supply a clear description of the stated objectives and scope of a third-party supervision program,” Thaler wrote.

Both NAFCU and CUNA have been outspoken against the NCUA’s ability to have third-party vendor authority.