"All persons born or naturalized in the United States, and subject to the jurisdiction thereof, are citizens of the United States and of the state wherein they reside. No state shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States; nor shall any state deprive any person of life, liberty, or property, without due process of law; nor deny to any person within its jurisdiction the equal protection of the laws."
- 14th Amendment, U.S. Constitution
Adopted July 28th, 1868
House Committee Advances CSBS-Supported Legislation on Exam Coordination
The House Financial Services committee on Thursday advanced legislation that would allow state and federal regulators to coordinate on examinations of a bank's third-party technology service providers.
H.R. 3626, the Bank Service Company Examination Coordination Act (BSCA), enhances the ability of state and federal regulators to coordinate examinations and share information about third-party service providers to banks.
CSBS and state regulators have mounted a full-court press to support H.R. 3626, meeting with Member offices, writing letters explaining the issue to key Members, promoting our position with the media, and engaging the industry on why regulatory coordination increases the efficiency and effectiveness of state and federal regulators.
The BSCA now moves to a vote in the full House of Representatives and must also pass in the Senate and be signed by the President to become law.
CSBS Statement on the Bank Service Company Exam Coordination Act
John Ryan, president and CEO, Conference of State Bank Supervisors
"CSBS appreciates the work of the House Financial Services Committee in approving H.R. 3626, the Bank Service Company Examination Coordination Act. State financial regulators have strongly advocated for legislation to enhance state and federal regulators’ ability to share information on banks’ technology vendors and coordinate exams. H.R. 3626 will make both state and federal oversight more efficient and effective and reduce regulatory burden. We appreciate Representative Williams’ (R-TX) work as the bill’s lead sponsor. CSBS also thanks Representative Luetkemeyer (R-MO) and Ranking Member Waters (D-CA) for their strong words of support for H.R. 3626. State regulators look forward to its consideration by the full House."
What is the BSCA?
State regulators strongly support the Bank Service Company Examination Coordination Act. The BSCA, a bill introduced in the 115th Congress, is commonsense, bipartisan legislation that makes state and federal supervision more efficient and more effective.
About Technology Service Providers
More and more, banks are outsourcing their core business functions to Technology Service Providers, or TSPs. TSPs can be used by banks to fulfill a wide range of functions; hardware management, software development, cybersecurity, payments processing, and even outsourcing tellers are all examples of TSP services. Using a TSP does not free a bank from meeting its regulatory requirements, and TSPs are expected to comply with the same applicable laws and regulations as the bank using their services.
Limitations of Current Law
Currently, the Bank Service Company Act, or BSCA, authorizes federal regulators to examine TSPs, but is silent about the authority and role of state regulators. However, many states have laws allowing state bank regulators to examine TSPs.
The Bank Service Company Examination Coordination (BSCA) Act would amend the BSCA to permit federal banking agencies and state banking agencies to coordinate examinations of TSPs and share results of examinations.
State Regulators’ Position
State regulators strongly support the BSCA Act. The BSCA Act is commonsense, bipartisan legislation that makes state and federal supervision more efficient and more effective.
- Oversight of the businesses providing chartered institutions their bank and technology services is key to ensuring a safe and productive financial system.
- This legislation will enable state and federal regulators to better coordinate their supervision.
- This legislation will also help streamline the supervisory process for third party providers.
- This legislation helps regulatory agencies better safeguard individual institutions, the banking system, and consumers. Sharing supervisory information increases the likelihood of regulators revealing risks and weaknesses in individual institutions and in the greater financial system.
CSBS Letter on the BSCA
The Honorable Roger Williams
United States House of Representatives
1323 Longworth House Office Building
Washington, DC 20515
Dear Representative Williams:
On behalf of the Conference of State Bank Supervisors (CSBS), I am writing to express our members’ strong support for your legislation, H.R. 3626, the Bank Service Company Examination Coordination Act. This legislation will enhance state and federal regulators’ ability to coordinate examination of and share information on banks’ technology vendors in an effective and efficient manner. We appreciate your efforts to bring this bill to the House Financial Services Committee for its consideration and look forward to its enactment.
Currently, banks partner with third-party technology service providers (TSPs) to outsource a wide variety of critical banking services. Banks work with TSPs to perform a variety of functions, including process and management services for core business operations such as loan and deposit taking, payment services, IT security and testing, and call centers. Increasingly, banks are seeking to partner with fintech firms. As part of our Vision 2020 initiative, this bill will support banks’ ability to leverage technology through these business relationships.
The Bank Service Company Act (BSCA) authorizes federal regulators to examine TSPs to assess the potential risks they pose to individual client banks and the broader banking system. Currently, 38 states have similar authority under state law. We note that this bill does not create any new authority at the state level. The BSCA is silent regarding authorities and/or roles of state banking regulators. The BSCA silence results in duplication and inefficient supervision. Amending the BSCA to appropriately reflect states’ authority to examine TSPs will improve state-federal coordination and information sharing and promote more efficient supervision of TSPs that provide critical services to a broad range of banks.
The 2017 Annual Report of the Financial Stability Oversight Council (FSOC) recommended legislation for coordinated TSP examinations. The report stated,
“Finally, the authority to supervise third-party service providers continues to vary across financial regulators. The Council supports efforts to synchronize these authorities and enhance third-party service provider information security. The Council recommends that Congress pass legislation that grants examination and enforcement powers to the SEC, CFTC, FHFA, and NCUA to oversee third-party service providers and encourages coordination among federal and state regulators in the oversight of these providers. This will both reduce potential conflicting and duplicative regulatory oversight and promote more consistency in cybersecurity."
As noted above, many state regulators have authority under state law to examine entities providing services to state chartered institutions. Last fall, Equifax, one of the country’s three major credit reporting agencies disclosed that a vulnerability in one of its websites was exploited by criminal hackers to gain access to the personal information of an estimated 146 million U.S. consumers. After this disclosure, several states initiated an examination of the company to evaluate the company’s cybersecurity, internal audit, risk management and controls. Last month, several state financial regulatory agencies entered into a Consent Order with Equifax requiring the company to undertake a restructuring of its risk management processes, strengthening of internal controls and processes, and enhanced oversight by the Board of Directors on the information security program.
Exam coordination and improved information sharing among state and federal regulators will allow regulators to use limited resources more effectively to avoid duplicative examinations and reduce regulatory burden. State bank regulators firmly support passage of H.R. 3626, the Bank Service Company Examination Coordination Act, and look forward to its enactment.
John W. Ryan
President and CEO
American Banker: State regulators push bill to coordinate exams of third-party service providers
American Banker is among the publications that reported on state regulators' support for the BSCA.
From American Banker:
The Conference of State Bank Supervisors is supporting a bill introduced by Rep. Roger Williams, R-Texas, that would amend the Bank Service Company Act (BSCA), which authorized federal regulators to examine third-party technology service providers to assess the potential risks they post to individual client banks and the broader system.
The group says the response by state regulators to the Equifax data breach highlights the value of coordination between state and federal regulators.
Exam coordination and improved information sharing among state and federal regulators will allow regulators to use limited resources more effectively to avoid duplicative examinations and reduce regulatory burden, John Ryan, the president and chief executive officer of the bank supervisor group, said in the letter to [Rep.] Williams.