Banking Groups Urge Treasury to Strengthen Cybersecurity

A coalition of banking trade groups has urged the US Treasury to overhaul how federal financial regulators manage sensitive data following the latest in a series of data breaches.

In a letter to Treasury Secretary Scott Bessent, the Bank Policy Institute, American Bankers Association, MFA and SIFMA raised concerns about regulators’ data management practices, warning that rising threats from hostile nation-states highlight the urgent need to address vulnerabilities.

The organizations wrote: “[G]overnment agencies are increasingly the target of persistent and sophisticated nation-state attacks that could disrupt financial markets and our economy.”

“It is imperative that federal regulators recognize that they are equally a target of malicious actors and implement the same or substantially similar cybersecurity and incident response practices that they expect financial institutions to maintain.”

The call follows major cyber incidents at both the Treasury Department and the Office of the Comptroller of the Currency (OCC) over the past two years.

Hackers breached the OCC’s systems in May 2023, but the intrusion wasn’t detected until February 2025, leaving systems exposed for more than 18 months.

The attack compromised around 148,000 emails, some potentially containing sensitive supervisory data that could aid hostile nation-states in targeting US financial institutions.

The group said the incidents reveal a broader pattern of poor data security and weak accountability across US agencies. To reduce future risks, they issued four recommendations, including holding regulators to the same data protection standards as private firms.

They also urged against centralizing sensitive data that could jeopardize entire sectors, instead advocating for companies to retain control of their own information. Additional proposals included limiting data collection to what is strictly necessary and requiring agencies to notify affected firms when breaches occur.