Data security legislation
With merchant data breaches increasing and the threat of a pending terrorist cyber-attack increasing, the desire to enact legislation that would improve data security standards has substantially increased in recent months.
Several congressional committees have acted to improve payment card, data security policies. More than a dozen bills on this topic have been considered and, throughout the process, CUNA has focused lobbying efforts on a handful of overarching goals:
- Avoiding increased regulatory burden on credit unions;
- Providing consumer notice of data breaches; and
- Making sure merchants are held liable for the breaches they create.
Credit unions already are subject to the strong data security requirements of the Gramm-Leach-Bliley Act (GLBA). Some of the new bills that were under consideration would have imposed duplicative requirements on credit unions. CUNA has worked on Capitol Hill to secure exemptions for institutions subject to GLBA requirements.
CUNA also favors a national standard for data security safeguards and notification requirements. As Congress considers this legislation, CUNA continues to highlight the importance of how consumers are notified of data breaches. Credit unions must be the first entity to notify their members of a merchant data breach because they know better than merchants how to contact affected cardholders. But CUNA feels strongly that credit unions must be able to disclose the source of a breach to avoid “reputation risk.”
CUNA also has urged Congress to assign liability for data breaches to the entities that experience the breaches, and to give credit unions the ability to recoup all costs incurred as a result of any breaches. CUNA also supports efforts to require merchants to comply with existing regulation on payment card data destruction.
These issues aren’t new to Congress. Some committees considering data security legislation have had these bills under consideration for several years. Nothing moves, because so many different committees have a piece of jurisdiction.
But there’s potential for movement in 2012 because of the prospect of a significant cyber-attack on the U.S. If Congress views data security standards through this lens, it’s much more likely a comprehensive data security bill will be enacted this year.
Housing finance reform
Housing finance reform might have the most significant long-term legislative effect on credit unions. The questions before Congress are how the government-sponsored enterprises (GSEs)—Fannie Mae and Freddie Mac, which have operated under conservatorship since 2008—will be resolved, and what the secondary housing market will look like going forward.
In 2011, Congress held nearly two dozen hearings on housing finance, and introduced legislation to move to a completely privatized housing finance system. CUNA testified before the Senate Banking Committee and outlined a series of principles and concerns credit unions would like to see addressed in the legislative process.
While formal action on housing finance reform legislation isn’t expected to be completed in 2012, this issue will continue to receive significant consideration throughout the year. This could set up the possibility that comprehensive legislation might be enacted after the new Congress convenes in 2013.
As Congress moves forward, CUNA will continue to press for a system that:
- Gives credit unions equal access to the secondary market;
- Gives consumers continued access to mortgage products that have predictable and affordable payments; and
- Facilitates an orderly resolution and transition from the current GSE system.
CUNA also will push to make sure that whatever legislation passes Congress provides for strong oversight and supervision of secondary-market participants, and that it’s durable enough to withstand future financial crises.
Next: Supplemental capital