GAO lambastes credit union regulator for slow IT fix

In its latest criticism of agencies that have failed to assess and fix computers to properly manage the Year 2000 date change the General Accounting Office last month blasted the National Credit Union Administration for not moving fast enough to fix its computer systems.

Last month GAO told the Senate Subcommittee on Financial Services and Technology that the NCUA a federal financial agency that regulates 11 300 federally insured credit unions that have assets totaling $326 billion lacks a detailed Year 2000 plan needs a qualified staff to perform Year 2000 fixes and needs to develop a contingency plan to address possible computer failures if the systems are not properly fixed.

"The resulting problems could range from the inability to make calculations integral to a credit union's day-to-day business to [automated teller machine] phone systems and alarm system breakdowns " according to GAO's testimony. "For some credit unions Year 2000 problems could even result in their failure."

Jack Brock director of information resources management at GAO said "Our concern is that right now they can't tell you where they are and they probably won't be able to tell you that much until the end of the calendar year. Even though we're concerned about the NCUA's limited oversight over the process we did not...look at individual credit unions so I would be reluctant to say...that individual credit unions are doing great or are in real trouble. We just don't know."

NCUA chairman Norman D'Amours sent a letter this month to Sen. Robert Bennett (R-Utah) chairman of the Senate's Financial Services and Technology Subcommittee saying that while GAO's testimony contains useful observations on quarterly reporting management certification and notification to credit union auditors the NCUA "has concerns over the appropriateness of some of the observations and actions requested of the agency."

D'Amours reiterated that the NCUA board will have the initial assessment of its systems completed by Dec. 31. "The data will identify the credit unions that are not [Year 2000-compliant] those that have inadequate plans to achieve compliance and those that are taking no action at all."

D'Amours also said GAO's deadlines for collecting this information are unattainable.

"It will not be possible for the NCUA to implement a new data collection system to obtain the information recommended by GAO to meet a Nov. 15 deadline due to the large amount of time necessary to develop implement and administer such a program " D'Amours said.

Bennett said he is "troubled" by the NCUA's response to GAO's conclusions. According to the senator in a statement before the House Banking Committee last week the NCUA brushed aside GAO's assertion that for some credit unions the Year 2000 problem could result in their failure.

Bennett observed that while the NCUA implicitly agreed with GAO's assertion that the NCUA does not have the expertise to deal with the Year 2000 problem the agency still argues that it must work with limited staff resources.

Bennett also was disappointed that the NCUA said it will not be able to conduct the assessments and appropriate fixes within the deadlines outlined by GAO.

GAO plans to issue its formal recommendations to the NCUA sometime next month.


  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.