Bill Overview
Title: Improving Cybersecurity of Credit Unions Act
Description: This bill subjects credit union organizations and third-party service providers to examination and regulation by the National Credit Union Administration to the same extent as insured credit unions.
Sponsors: Sen. Ossoff, Jon [D-GA]
Target Audience
Population: People who use credit unions
Estimated Size: 126000000
- The primary entities affected by this bill are credit union organizations and third-party service providers engaged with them, as they will now be subject to new examination and regulation requirements.
- Insured credit unions, though already regulated, may experience secondary effects due to changes in the regulatory environment and possible downstream impacts from their service providers.
- Members of credit unions may be indirectly affected due to changes in operations or costs incurred by credit unions to comply with the new regulations.
Reasoning
- The policy is aimed primarily at improving cybersecurity for credit unions, which should have a positive impact on members' confidence and security, but may also lead to additional costs for credit unions.
- Given the budget constraints, the implementation of this policy will likely focus initially on larger credit unions and key third-party service providers, impacting a significant, but not the entire, population of credit union users and employees.
- Costs for regulation compliance could lead to fees or additional costs for credit union members, potentially affecting their financial wellbeing.
- While this policy mainly targets organizations, individual members may experience indirect effects through improved security or potential service costs.
Simulated Interviews
Software Engineer (San Francisco, CA)
Age: 32 | Gender: female
Wellbeing Before Policy: 8
Duration of Impact: 5.0 years
Commonness: 3/20
Statement of Opinion:
- I think stronger cybersecurity measures are important, especially with increasing threats.
- My company will likely need to adapt its services which could be challenging initially, but is necessary for long-term trust.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 8 |
| Year 2 | 8 | 8 |
| Year 3 | 9 | 8 |
| Year 5 | 9 | 8 |
| Year 10 | 9 | 8 |
| Year 20 | 9 | 8 |
Credit Union Manager (Dallas, TX)
Age: 45 | Gender: male
Wellbeing Before Policy: 6
Duration of Impact: 10.0 years
Commonness: 2/20
Statement of Opinion:
- Additional regulations mean more work for us, but cybersecurity is critical.
- I'm concerned about the costs potentially affecting our budget.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 6 |
| Year 2 | 6 | 6 |
| Year 3 | 7 | 6 |
| Year 5 | 7 | 5 |
| Year 10 | 7 | 5 |
| Year 20 | 7 | 4 |
Bank Customer (New York, NY)
Age: 29 | Gender: other
Wellbeing Before Policy: 7
Duration of Impact: 2.0 years
Commonness: 15/20
Statement of Opinion:
- I hope this leads to better security and fewer data breaches.
- If fees increase, I'll be concerned.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 7 | 7 |
| Year 3 | 7 | 7 |
| Year 5 | 7 | 6 |
| Year 10 | 7 | 6 |
| Year 20 | 7 | 6 |
Retired (Miami, FL)
Age: 62 | Gender: female
Wellbeing Before Policy: 6
Duration of Impact: 5.0 years
Commonness: 10/20
Statement of Opinion:
- I'm glad to see steps being taken for better security.
- But, I am on a fixed income and worry about potential cost increases.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 6 |
| Year 2 | 6 | 6 |
| Year 3 | 6 | 6 |
| Year 5 | 6 | 5 |
| Year 10 | 7 | 5 |
| Year 20 | 7 | 5 |
Third-party IT consultant (Chicago, IL)
Age: 54 | Gender: male
Wellbeing Before Policy: 7
Duration of Impact: 10.0 years
Commonness: 2/20
Statement of Opinion:
- This could bring more business as credit unions need to comply with new standards.
- It will be important to manage the workload efficiently.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 8 | 6 |
| Year 3 | 8 | 6 |
| Year 5 | 9 | 5 |
| Year 10 | 9 | 5 |
| Year 20 | 9 | 5 |
Credit Union Loan Officer (Phoenix, AZ)
Age: 41 | Gender: female
Wellbeing Before Policy: 8
Duration of Impact: 5.0 years
Commonness: 4/20
Statement of Opinion:
- Cybersecurity is crucial, but the policy doesn't seem directly impacting my day-to-day work.
- Costs could affect loan interest rates, which concerns clients more.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 8 |
| Year 2 | 8 | 8 |
| Year 3 | 8 | 7 |
| Year 5 | 8 | 7 |
| Year 10 | 8 | 7 |
| Year 20 | 8 | 7 |
Self-employed (Boise, ID)
Age: 37 | Gender: male
Wellbeing Before Policy: 6
Duration of Impact: 3.0 years
Commonness: 8/20
Statement of Opinion:
- I highly value the security of my business transactions.
- I'm hopeful this won't lead to increased fees.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 6 |
| Year 2 | 6 | 6 |
| Year 3 | 7 | 6 |
| Year 5 | 7 | 5 |
| Year 10 | 7 | 5 |
| Year 20 | 7 | 5 |
College Student (Seattle, WA)
Age: 26 | Gender: female
Wellbeing Before Policy: 9
Duration of Impact: 4.0 years
Commonness: 12/20
Statement of Opinion:
- It is good to see practical steps in cybersecurity for financial institutions.
- I might consider a career in this field after graduation.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 9 | 9 |
| Year 2 | 9 | 9 |
| Year 3 | 9 | 8 |
| Year 5 | 9 | 8 |
| Year 10 | 9 | 8 |
| Year 20 | 9 | 8 |
Third-party Vendor Manager (Boston, MA)
Age: 47 | Gender: female
Wellbeing Before Policy: 7
Duration of Impact: 5.0 years
Commonness: 4/20
Statement of Opinion:
- Stronger regulations will require us to enhance our solutions.
- It aligns with market trends, so adjustments are expected.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 7 | 7 |
| Year 3 | 8 | 7 |
| Year 5 | 8 | 6 |
| Year 10 | 8 | 6 |
| Year 20 | 8 | 6 |
Credit Union Teller (Denver, CO)
Age: 52 | Gender: male
Wellbeing Before Policy: 7
Duration of Impact: 1.0 years
Commonness: 18/20
Statement of Opinion:
- I suspect there will be training involved, but my job will remain mostly unchanged.
- As long as customers remain trusting, I'm fine with it.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 7 | 7 |
| Year 3 | 7 | 7 |
| Year 5 | 6 | 6 |
| Year 10 | 6 | 6 |
| Year 20 | 6 | 6 |
Cost Estimates
Year 1: $50000000 (Low: $40000000, High: $60000000)
Year 2: $50000000 (Low: $40000000, High: $60000000)
Year 3: $50000000 (Low: $40000000, High: $60000000)
Year 5: $45000000 (Low: $35000000, High: $55000000)
Year 10: $40000000 (Low: $30000000, High: $50000000)
Year 100: $35000000 (Low: $25000000, High: $45000000)
Key Considerations
- The scalability of cybersecurity measures across different sizes of credit unions will impact both implementation costs and effectiveness.
- The potential for cost savings from reduced cyber incidents is hard to quantify but represents a key long-term benefit.
- Compliance costs vary depending on each entity's existing cybersecurity framework and preparedness.