CSBS Supports The Bank Service Company Examination Coordination Act
The Honorable Roger Williams
United States House of Representatives
1323 Longworth House Office Building
Washington, DC 20515
Dear Representative Williams:
On behalf of the Conference of State Bank Supervisors (CSBS)1, I am writing to express our members’ strong support for your legislation, H.R. 3626, the Bank Service Company Examination Coordination Act. This legislation will enhance state and federal regulators’ ability to coordinate examination of and share information on banks’ technology vendors in an effective and efficient manner. We appreciate your efforts to bring this bill to the House Financial Services Committee for its consideration and look forward to its enactment.
Currently, banks partner with third-party technology service providers (TSPs) to outsource a wide variety of critical banking services. Banks work with TSPs to perform a variety of functions, including process and management services for core business operations such as loan and deposit taking, payment services, IT security and testing, and call centers. Increasingly, banks are seeking to partner with fintech firms. As part of our Vision 2020 initiative, this bill will support banks’ ability to leverage technology through these business relationships.
The Bank Service Company Act (BSCA) authorizes federal regulators to examine TSPs to assess the potential risks they pose to individual client banks and the broader banking system. Currently, 38 states have similar authority under state law. We note that this bill does not create any new authority at the state level. The BSCA is silent regarding authorities and/or roles of state banking regulators. The BSCA silence results in duplication and inefficient supervision. Amending the BSCA to appropriately reflect states’ authority to examine TSPs will improve state-federal coordination and information sharing and promote more efficient supervision of TSPs that provide critical services to a broad range of banks.
The 2017 Annual Report of the Financial Stability Oversight Council (FSOC) recommended legislation for coordinated TSP examinations. The report stated,
“Finally, the authority to supervise third-party service providers continues to vary across financial regulators. The Council supports efforts to synchronize these authorities and enhance third-party service provider information security. The Council recommends that
Congress pass legislation that grants examination and enforcement powers to the SEC, CFTC, FHFA, and NCUA to oversee third-party service providers and encourages coordination among federal and state regulators in the oversight of these providers. This will both reduce potential conflicting and duplicative regulatory oversight and promote more consistency in cybersecurity2.
As noted above, many state regulators have authority under state law to examine entities providing services to state chartered institutions. Last fall, Equifax, one of the country’s three major credit reporting agencies disclosed that a vulnerability in one of its websites was exploited by criminal hackers to gain access to the personal information of an estimated 146 million U.S. consumers. After this disclosure, several states initiated an examination of the company to evaluate the company’s cybersecurity, internal audit, risk management and controls. Last month, several state financial regulatory agencies entered into a Consent Order with Equifax requiring the company to undertake a restructuring of its risk management processes, strengthening of internal controls and processes, and enhanced oversight by the Board of Directors on the information security program.
Exam coordination and improved information sharing among state and federal regulators will allow regulators to use limited resources more effectively to avoid duplicative examinations and reduce regulatory burden. State bank regulators firmly support passage of H.R. 3626, the Bank Service Company Examination Coordination Act, and look forward to its enactment.
John W. Ryan
President and CEO
1 CSBS is the nationwide organization of state regulators from all 50 states, American Samoa, the District of Columbia, Guam, Puerto Rico, and the U.S. Virgin Islands. State banking regulators charter and supervise nearly 4,400 institutions, representing almost 79 percent of the nation’s banks. Additionally, most state banking departments regulate a variety of non-bank financial services providers, including those engaged in mortgage, money transmission, consumer finance, and other industries. For more than a century, CSBS has given state supervisors a national forum to coordinate supervision of their regulated entities and to develop regulatory policy.