Menu
Banking Exchange Magazine Logo
Menu

New Cybersecurity Legislation Sparks Concerns Among Financial Trade Groups

Groups claim the legislation would hinder, rather enhance, current efforts toward cybersecurity

  • |
  • Written by  Banking Exchange staff
  • |
  • Comments:   DISQUS_COMMENTS
New Cybersecurity Legislation Sparks Concerns Among Financial Trade Groups

A new cybersecurity bill could hinder online security at banks and other financial institutions, trade bodies have warned.

In a letter to the Senate Intelligence Committee, the American Bankers Association (ABA), the Bank Polity Institute and the Consumer Bankers Association warned that the Cyber Notification Act of 2021 clashed with existing legislation and would be problematic for banks to implement safely.

The groups said they did not support the act in its current form as they believed it would hinder, rather than enhance, cybersecurity.

The trade bodies urged the committee to ensure that any new requirements for reporting, oversight and enforcement of cybersecurity issues be harmonized with existing regulatory requirements to avoid confusion and the potential undermining of previous rulesets.

Misalignments highlighted in the letter included financial penalties for non-compliance, and the extension of reporting to other regulators. The trade bodies recommended that the legislation include a mandate for the Cybersecurity and Infrastructure Security Agency (CISA) to work with all regulatory agencies to develop a common reporting form and streamlined process.

“Otherwise, still more time will be spent by first responders working with firms’ legal and compliance terms to ensure that each agency’s requirement is met rather than focusing those efforts on protecting critical infrastructure,” the letter stated.

The organizations also requested that the timeline for reporting a cybersecurity incident should be extended to 72 hours. The current 24-hour maximum written in the bill would not give enough time for institutions to provide more accurate reports, they argued, since firms often have limited information on an event in the first 24-36 hours.

Another request was that the scope of reporting be reduced to events that cause actual harm to avoid overwhelming CISA’s analytical efforts. The groups claimed that the agency would be inundated with near-constant reports considering the number of incidents firms see already on a daily basis.

The groups also raised an issue regarding the safety of data, requesting that a mechanism be put in place to notify a critical infrastructure entity when an incident attacks a federal system holding that entity’s sensitive data.

back to top

Sections

About Us

Connect With Us

Resources

Webinar — Leveraging Open Banking Trends to Transform Your Institution

Time/Date: October 5th, 2:00 CT

The concept of open banking is ushering in exciting new possibilities for financial institutions of all sizes, transforming how they do business and driving new revenue opportunities. Join Shane Ferrell, Vice President of Product Strategy and Director of Software Engineering Barkley Hughes as they answer these questions and more: 

• What is open banking, and how does a financial institution take full advantage of this rapidly growing technology?

• What are key areas to look for when considering leveraging a third-party technology or an open banking marketplace?

• What role does FDX play in the future of open banking?

REGISTER NOW!

This webinar is brought to you by:
OneSpan logo