WASHINGTON — The U.S. financial system has weathered several external threats in the past year, but significant hazards remain, including the potential for cyberattacks and excessive concentration of risk in central counterparties, according to a report by the Financial Stability Oversight Council.
The interagency council's annual report, released Tuesday, noted that the system has not suffered lasting effects from a precipitous drop in oil prices or ongoing crises in the Ukraine and the Middle East.
But as those threats recede, others pose significant risks to financial stability and demand greater attention from policymakers, said Treasury Secretary Jack Lew.
"There have been a host of technological, competitive, and regulatory changes that continue to reverberate and create potential new stresses to the system," Lew said. "Cybersecurity is a primary focus of multiple agencies today. Central counterparties have grown in importance to financial stability and market resiliency. Market structures are evolving, and this had led to financial innovation and some migration of activities away from traditional players."
NCUA Chairman Debbie Matz is one of 10 voting members on the FSOC, which also includes Lew, the chairman of the Federal Reserve, the Comptroller of the Currency, and the heads of the Consumer Financial Protection Bureau, the Securities and Exchange Commission and the Federal Deposit Insurance Corp., among others
Cyber threats topped the list of concerns outlined in the report. The Council said cyberattacks are "creating a growing operational risk to the financial sector" and reiterated past calls for Congress to pass "comprehensive legislation on cybersecurity issues, including information sharing and data breach notifications."
FSOC encouraged continued work by the Federal Financial Institutions Examination Council to coordinate responses and information sharing where possible within the financial services sector and called on all financial market stakeholders to collaborate with the Financial and Banking Information Infrastructure Committee to communicate threats and data breaches.
The report also recommended that greater emphasis be placed on having third-party vendors meet certain cybersecurity minimum standards; placing additional security protocols on administrative access for financial institutions; and enhance firms' ability to recover in the case of an inevitable attack.
The report's emphasis on cybersecurity comes as lawmakers struggle to address some of the most core elements of a cybersecurity bill, including scope, enforcement and whether such a law should supersede state cybersecurity laws. The House Financial Services Committee held a hearing on the subject last week and again on Wednesday.
Giving NCUA and FHFA Authority to Supervise
In its report, the Council recommended that NCUA and the Federal Housing Finance Agency be given authority to supervise third-party service providers that conduct business with credit unions.
"I am extremely pleased that the Council recommends the granting of examination and enforcement powers to NCUA and Federal Housing Finance Agency to oversee third-party service providers engaged respectively with credit unions and the government-sponsored enterprises," said Matz in a statement. "I view NCUA's inability to examine critical credit union service providers as a significant regulatory gap."
Carrie Hunt, NAFCU's senior vice president of government affairs and general counsel, said that it's not surprising FSOC is suggesting a new layer of regulation. She reiterated the trade group's opposition to NCUA having direct third-party vendor authority, noting that would be costly for CUs and unnecessary for credit union safety and soundness.
"While NAFCU acknowledges the importance of cybersecurity and risk management, we firmly believe that cybersecurity and third-party vendor examination authority do not go hand in hand," Hunt said in a statement.
—Marian Raab contributed to this article.