Home / Press/ Press Releases

Redundant Reporting Stresses Banks’ Cybersecurity Readiness, Warrants White House Review

Austin Anton

Banks Recommend Office of the National Cyber Director Harmonize Cyber Regulations

Washington D.C. – The Bank Policy Institute and American Bankers Association today made recommendations to the Office of the National Cyber Director in response to its effort to harmonize cyber regulations under the National Cybersecurity Strategy. Unlike other industries, financial institutions are subject to multiple regulators exercising authority on a litany of complex and overlapping regulations. The letter summarizes these existing obligations and recommends a balanced approach to compliance that would help cybersecurity professionals focus on their critical operational responsibilities.

Overlapping and redundant compliance requirements divert resources that could otherwise be used to protect against future threats,” the groups stated. “Greater coordination among all financial regulators and with industry are prerequisites to a more secure sector, and the optimal way to get there is to assess existing requirements and unify around common goals and standards creating a more streamlined and efficient regulatory process.”

The groups specifically call on the ONCD to prioritize the following as it assesses cyber requirements across all sectors:

  • Improve coordination: Regulators should coordinate with each other to lessen the effect of overlapping requirements.
  • Increase subject matter expertise. Regulators should understand the industries they regulate and have practical and subject matter expertise.
  • Promote common standards. Common standards and frameworks enable firms to prioritize resources and allocate investments, facilitating effective risk management and supervision.
  • Increase regulatory reciprocity. Regulators should accept the reports, findings and test results of other regulators and not require firms to demonstrate compliance with the same or substantially similar requirements.

What’s the background?

The White House Office of the National Cyber Director issued a request for information on July 19, 2023, to solicit comments from industry. These recommendations will contribute to the ONCD’s effort to coordinate cybersecurity regulation and strategy across the broader economy.

As highlighted in a recent report by the Department of Homeland Security, financial institutions comply with more cyber incident reporting requirements than any other industry. Obligations for the financial sector extend beyond incident reporting and include requirements for cyber incident disclosure, consumer breach notification, operational resilience and data privacy and security.  For example, these requirements are enforced by the prudential banking regulators, the Department of Treasury, CISA, CFTC, CFPB, FTC, SEC and NYDFS.

  • Cyber Incident Reporting for Critical Infrastructure Act
  • Gramm-Leach-Bliley Act
  • FFIEC IT Examination Handbook
  • Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers
  • SEC Rule on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure
  • The Fair Credit Reporting Act
  • Right to Financial Privacy Act
  • National Association of Insurance Commissioners (NAIC) Model Law
  • State Data Breach Notification Requirements

Financial institutions must also comply with laws in other jurisdictions, such as the European Union General Data Protection Regulation (GDPR) and the European Union NIS Directive 1.0, which oftentimes affect U.S. business practices.

Identifying these requirements and minimizing potential overlap will allow banks to better respond to immediate threats and adapt to rapid technological change on the horizon.

To access a copy of the letter, please click here.

###

2023.10.31-BPI ABA ONCD RFI Response 2023.10.31Download

About Bank Policy Institute.

The Bank Policy Institute (BPI) is a nonpartisan public policy, research and advocacy group, representing the nation’s leading banks and their customers. Our members include universal banks, regional banks and the major foreign banks doing business in the United States. Collectively, they employ almost 2 million Americans, make nearly half of the nation’s small business loans, and are an engine for financial innovation and economic growth.

About the American Bankers Association.

The American Bankers Association is the voice of the nation’s $23.5 trillion banking industry, which is composed of small, regional and large banks that together employ more than 2.1 million people, safeguard $18.6 trillion in deposits and extend $12.3 trillion in loans.

Media Contact

Austin Anton
Bank Policy Institute
austin.anton@bpi.com

Sarah Grano
American Bankers Association
sgrano@aba.com

Media Inquiry

  • This field is for validation purposes and should be left unchanged.
You Might Also Be Interested In...
Cybersecurity BPI and ABA Recommend Office of the National Cyber Director Harmonize Cyber Regulations
Regulatory Reporting and Accounting BPI and Coalition of Trades Oppose PCAOB’s Proposed Changes to Auditing Standards
Cybersecurity Image showing microphones for press cover SEC Rule on Cyber Disclosure Risks Harming Investors, Exacerbates Security Risks
Cybersecurity Image showing microphones for press cover Joint Trades Support Advancement of FISMA
Cybersecurity BPI’s BITS comments on the National Institute of Standards and Technology’s Discussion Draft of the Cybersecurity Framework 2.0 Core
Cybersecurity BPI, SIFMA, IIB and ABA Respond to the Rule 10 Proposal Issued by the Securities and Exchange Commission
Cybersecurity BPI, SIFMA, SIFA AMG, IIB and ABA Respond to the Proposed Amendments to Regulation S-P Issued by the Securities and Exchange Commission
Cybersecurity Interviewing businessman or politician, press conference BPI Calls on SEC to Better Balance Investor Transparency and Cybersecurity Risks
More Posts by This Author
FinTech & Innovation Image showing microphones for press cover BPI Response to CFPB Proposal to Improve Oversight of Big Tech
Announcements Interviewing businessman or politician, press conference BITS Hires Greg Williamson as SVP, Fraud Reduction
Supervision & Enforcement Interviewing businessman or politician, press conference BPI Response to FSOC Guidance on the Designation of Systemically Important Non-Banks
Central Bank Digital Currency Interviewing businessman or politician, press conference BPI’s Paige Pidano Paridon Testifies on CBDC Before House Subcommittee
Consumer Affairs Interviewing businessman or politician, press conference Limiting Medical Payment Options Won’t Deter Costs but Will Reduce Access to Services
Basel Finalization Interviewing businessman or politician, press conference New BPI Ad Campaign Encourages Americans to Demand Accountability from Regulators for Higher Loan Prices
Announcements Interviewing businessman or politician, press conference BPI Hires Haelim Anderson as SVP in Research
Cybersecurity Image showing microphones for press cover SEC Rule on Cyber Disclosure Risks Harming Investors, Exacerbates Security Risks