Menu
Banking Exchange Magazine Logo
Menu

New Cybersecurity Legislation Sparks Concerns Among Financial Trade Groups

Groups claim the legislation would hinder, rather enhance, current efforts toward cybersecurity

  • |
  • Written by  Banking Exchange staff
New Cybersecurity Legislation Sparks Concerns Among Financial Trade Groups

A new cybersecurity bill could hinder online security at banks and other financial institutions, trade bodies have warned.

In a letter to the Senate Intelligence Committee, the American Bankers Association (ABA), the Bank Polity Institute and the Consumer Bankers Association warned that the Cyber Notification Act of 2021 clashed with existing legislation and would be problematic for banks to implement safely.

The groups said they did not support the act in its current form as they believed it would hinder, rather than enhance, cybersecurity.

The trade bodies urged the committee to ensure that any new requirements for reporting, oversight and enforcement of cybersecurity issues be harmonized with existing regulatory requirements to avoid confusion and the potential undermining of previous rulesets.

Misalignments highlighted in the letter included financial penalties for non-compliance, and the extension of reporting to other regulators. The trade bodies recommended that the legislation include a mandate for the Cybersecurity and Infrastructure Security Agency (CISA) to work with all regulatory agencies to develop a common reporting form and streamlined process.

“Otherwise, still more time will be spent by first responders working with firms’ legal and compliance terms to ensure that each agency’s requirement is met rather than focusing those efforts on protecting critical infrastructure,” the letter stated.

The organizations also requested that the timeline for reporting a cybersecurity incident should be extended to 72 hours. The current 24-hour maximum written in the bill would not give enough time for institutions to provide more accurate reports, they argued, since firms often have limited information on an event in the first 24-36 hours.

Another request was that the scope of reporting be reduced to events that cause actual harm to avoid overwhelming CISA’s analytical efforts. The groups claimed that the agency would be inundated with near-constant reports considering the number of incidents firms see already on a daily basis.

The groups also raised an issue regarding the safety of data, requesting that a mechanism be put in place to notify a critical infrastructure entity when an incident attacks a federal system holding that entity’s sensitive data.

back to top

Sections

About Us

Connect With Us

Resources

Webinar: Card Based Faster Payments in Today’s Digital Economy

Time/Date: June 28, 2022, at 2:00 ET

Consumers and businesses want instant gratification and the ability to move money in just minutes. From payroll to P2P to insurance benefits, demand is rising for instant disbursement. However, there are pain points in the current money movement ecosystem, and to address them, financial institutions need a payments strategy that addresses the dramatic rise in faster payments.

In this Banking Exchange hosted webinar on June 28, 2022, at 2:00 ET, Jaspreet Singh, Head of A2A/P2P Commercialization, Visa Direct at Visa Direct, and Al Griffin, Product Manager at Alacriti, discuss:

REGISTER NOW!

This webinar is brought to you by:
Alacriti logo