Banking groups are calling for greater harmonization of cybersecurity regulations to reduce the regulatory burden on US banks.
In a joint statement, the Bank Policy Institute (BPI) and the American Bankers Association (ABA) urged the White House’s Office of the National Cyber Director (ONCD) to take action to address multiple overlapping regulations.
Banks in the US must currently comply with a range of requirements related to cyber incident reporting, disclosure, consumer breach notification, operational resilience, data privacy, and security.
These obligations are enforced by various entities, including prudential banking regulators, the Department of the Treasury, and other state and federal regulators.
Financial institutions operating internationally must also comply with laws such as the European Union’s General Data Protection Regulation.
The BPI and ABA argued that the current regulatory landscape diverted resources away from actually protecting against cyber threats, as financial institutions instead had to navigate multiple sets of rules and reporting requirements.
“Overlapping and redundant compliance requirements divert resources that could otherwise be used to protect against future threats,” the two groups stated.
“Greater coordination among all financial regulators and with industry are prerequisites to a more secure sector, and the optimal way to get there is to assess existing requirements and unify around common goals and standards creating a more streamlined and efficient regulatory process.”
The recommendations put forward included improving coordination among regulators to reduce the impact of overlapping requirements and increasing regulators’ subject matter expertise to better understand the industries they oversee.
The BPI and ABA also called for the promotion of common standards and frameworks to enable efficient resource allocation, and data sharing between regulators to further reduce the reporting burden on banks.
The ONCD is actively working to coordinate cybersecurity regulation and strategy across various sectors of the economy, with the aim of streamlining regulatory processes while maintaining high standards of cybersecurity.