BPI issues statement in advance of the U.S. Senate Committee on Homeland Security and Governmental Affairs markup
Washington, D.C. — Today the U.S. Senate Committee on Homeland Security and Governmental Affairs is scheduled to mark up legislation to improve information sharing on cybersecurity threats between the private sector and government partners and strengthen federal cybersecurity. In advance of today’s vote, BPI Executive Vice President and President of BITS Chris Feeney issued the following statement:
We appreciate the Committee’s efforts to streamline the reporting of cyber incidents by affected companies, an effort that financial institutions have been conducting in accordance with law and regulation for over 20 years. Banks entrust data on cyber incidents and potential threats to law enforcement, regulators and other government partners to help strengthen the financial system and fight financial crime. It is critical that this sensitive information should be covered by the same liability, disclosure and misuse protections whether it is reported directly to CISA or shared with CISA by regulators. We look forward to working with the Committee to include these protections which will further enhance cyber information sharing and enable banks to remain focused on protecting consumers. We value the Committee’s willingness to collaborate with stakeholders and ongoing commitment to address this issue and look forward to continuing to work together to ensure such protections are included before final passage.
Chairman Peters and Ranking Member Portman have worked diligently to solicit and thoughtfully consider input from a wide range of stakeholders during the drafting process for the Cyber Incident Reporting Act (S. 2875), and BPI values the opportunity to continue to offer industry feedback as the legislative process progresses. Many of the provisions under consideration in the Senate legislation closely align with a proposal recently passed in the House as part of an en bloc amendment to the National Defense Authorization Act for Fiscal Year 2022. Both versions of the legislation recognize the need to harmonize new incident reporting requirements with existing laws and regulations. Additionally, both would establish enhanced reporting requirements with a clear outline for how to report timely information to CISA so that CISA has visibility into cyber threats and can effectively disseminate this information back to the private sector to support its response efforts.
If the legislation is passed by the full Senate, the two versions of the legislation will proceed to conference committee to reconcile the differences between House and Senate proposals.
In addition, the Committee is also considering legislation to strengthen cybersecurity across the federal government. The Federal Information Modernization Act of 2021 (S. 2902) includes a BPI recommendation to notify private entities if their sensitive or confidential information that has been shared with the government is impacted by a cyber incident. Financial institutions are required to share information with regulators and other government agencies that, if breached, could pose risks to the institution and its customers. The Committee’s bill recognizes the importance of providing greater transparency to private industry of cyber incidents affecting government systems and would allow a firm to take proactive measures to mitigate risks, helping protect the firm, its customers and potentially the broader financial sector.
About Bank Policy Institute.
The Bank Policy Institute (BPI) is a nonpartisan public policy, research and advocacy group, representing the nation’s leading banks and their customers. Our members include universal banks, regional banks and the major foreign banks doing business in the United States. Collectively, they employ almost 2 million Americans, make nearly half of the nation’s small business loans, and are an engine for financial innovation and economic growth.