New Cybersecurity Legislation Sparks Concerns Among Financial Trade Groups

Groups claim the legislation would hinder, rather than enhance, current efforts toward cybersecurity

Written by Banking Exchange staff

A new cybersecurity bill could hinder online security at banks and other financial institutions, trade bodies have warned.

In a letter to the Senate Intelligence Committee, the American Bankers Association (ABA), the Bank Policy Institute and the Consumer Bankers Association warned that the Cyber Notification Act of 2021 clashed with existing legislation and would be problematic for banks to implement safely.

The groups said they did not support the act in its current form as they believed it would hinder, rather than enhance, cybersecurity.

The trade bodies urged the committee to ensure that any new requirements for reporting, oversight and enforcement of cybersecurity issues be harmonized with existing regulatory requirements to avoid confusion and the potential undermining of previous rulesets.

Misalignments highlighted in the letter included financial penalties for non-compliance, and the extension of reporting to other regulators. The trade bodies recommended that the legislation include a mandate for the Cybersecurity and Infrastructure Security Agency (CISA) to work with all regulatory agencies to develop a common reporting form and streamlined process.

“Otherwise, still more time will be spent by first responders working with firms’ legal and compliance terms to ensure that each agency’s requirement is met rather than focusing those efforts on protecting critical infrastructure,” the letter stated.

The organizations also requested that the timeline for reporting a cybersecurity incident should be extended to 72 hours. The current 24-hour maximum written in the bill would not give enough time for institutions to provide more accurate reports, they argued, since firms often have limited information on an event in the first 24-36 hours.

Another request was that the scope of reporting be reduced to events that cause actual harm to avoid overwhelming CISA’s analytical efforts. The groups claimed that the agency would be inundated with near-constant reports considering the number of incidents firms see already on a daily basis.

The groups also raised an issue regarding the safety of data, requesting that a mechanism be put in place to notify a critical infrastructure entity when an incident attacks a federal system holding that entity’s sensitive data.
