Recently the House recently unanimously approved legislation that would enhance the ability of state and federal regulators to coordinate the examinations of a bank’s technology vendor. I urge the Senate to do the same.
The Bank Service Company Examination Coordination Act, H.R. 241, would update an existing law so that regulators can effectively and efficiently examine third-party service providers (TSPs).
That law, the Bank Service Company Act, authorizes federal regulators to examine TSPs to assess any potential risks they pose to individual client banks and the broader banking system.
Many state banking regulators are authorized under state law to examine TSPs and are responsible for ensuring these relationships do not pose undue risks to the state-chartered banking system, which accounts for 79 percent of the nation’s banks. However, the Bank Service Company Act is silent regarding state bank regulators. That limits the ability of federal regulators to share information with state regulators and often results in duplicative and inefficient examinations.
To be clear, H.R. 241 would not grant any new authority to state regulators; it would update federal law to recognize the state’s role in supervising TSPs and encourage state and federal coordination of their exams.
This means an improved and more efficient regulatory system, which is increasingly important with the explosive growth of fintech companies and cloud computing solutions that partner with banks to provide core business services
This bill complies with the Financial Stability Oversight Council’s 2017 annual report that recommended coordinated federal and state TSP examinations. Additionally, for state regulators, H.R. 241 is a matter of protecting consumers’ sensitive information.
When state and federal regulators are working together, we provide a network of supervision that strengthens our financial system. And that helps the communities served by the banks we supervise. The most recent CSBS annual survey shows that cybersecurity breaches are the greatest concern to community banks. This bill would help address those breaches early on.
The Bank Service Company Examination Coordination Act additionally would reduce regulatory burdens for the vendors. H.R. 241 does not encourage more examinations. It promotes information sharing between state and federal regulators who are already examining a TSP so they can effectively use resources to avoid duplicative examinations.
And it is time. The Bank Service Company Act was enacted in 1962. As Rep. Steve Stivers (R-Ohio) noted on the House floor, that was a year before zip codes were introduced and the first push button phones were made available in this country.
Think about how much the world has changed since then. For banks, a modern world includes providing technology to keep up with customer demands. That means they increasingly contract with third-party vendors to provide services for core business operations that includes loan production, deposit taking, payment services, IT security and call centers.
We think regulation should adapt as well. Information sharing between federal and state regulators will mean more efficient and effective examinations of TSPs. Who could argue with that?
John W. Ryan is president and CEO of the Conference of State Bank Supervisors, the nationwide organization of state banking and financial regulators from all 50 states, the District of Columbia and the U.S. territories.