Financial Services Subcommittee Considers Regulatory Gaps in Cybersecurity
At the "Cyber Threats, Consumer Data, and the Financial System" hearing, the House Financial Services Subcommittee on Consumer Protection and Financial Institutions considered proposed legislation on cybersecurity.
In a background memorandum, majority staff reported that banks and credit unions saw a 1,318 percent increase in ransomware attacks in the first half of 2021. Further, staff highlighted that in a previous hearing, before the House Financial Services Committee in May 2021, four of six "megabank" CEOs testified that cybersecurity breaches are among the "greatest threat[s] to our financial system right now."
The Subcommittee considered legislation on:
-
H.R. 3910, the "Safeguarding Non-bank Consumer Information Act," which would give the CFPB authority over the Gramm-Leach-Bliley Act's safeguards rule for data aggregators;
-
H.R. ____, the "Strengthening Cybersecurity for the Financial Sector Act," which would give the Federal Housing Finance Agency Director authority over the regulation of service providers under the Federal Credit Union Act with respect to government-sponsored enterprises and Federal Home Loan Banks; and
-
H.R. ____, the "Enhancing Cybersecurity of Nationwide Consumer Reporting Agencies Act," which would give the CFPB authority over the cybersecurity regulation of consumer reporting agencies under the Fair Credit Reporting Act.
The Subcommittee heard testimony from:
-
Samir Jain, Director of Policy at the Center for Democracy and Technology, who recommended that Congress (i) mandate reporting of cyber incidents to the federal government and (ii) enact federal privacy legislation that would require entities to minimize collected data and adopt data security measures;
-
Robert E. James, II, President and CEO at Carver Financial Corporation and Chair of the National Bankers Association, who expressed concern over the technological disparity between minority depository institutions and large banks;
-
Carlos Vazquez, Chief Information Security Officer at Canvas Credit Union, who expressed support for the National Credit Union Administration ("NCUA") having data security and privacy authority over third-party vendors, an authority currently given to the other federal agencies; and
-
Jeffrey K. Newgard, President and CEO, Bank of Idaho, on behalf of the Independent Community Bankers of America, who recommended that Congress (i) amend the definition of "data aggregators" under H.R. 3910 to ensure that it covers non-financial institution entities and (ii) allow NCUA to directly examine Credit Union Service Organizations, core providers, and other third-party providers.
Related Articles
-
The FTC adopted amendments to its Standards for Safeguarding Customer Information to strengthen the data security measures that financial institutions must implement to protect consumer financial data.
-
In testimony before the House Financial Services Committee and the Senate Banking Committee, CFPB Director Rohit Chopra prioritized (i) stimulating competition in the consumer financial markets, (ii) action against repeat offenders of agency and court orders, and (iii) restoring relationship banking to protect consumers "in an era of big data."
-
The U.S. House Financial Services Committee heard testimony from the CEOs of U.S. global systemically important banks on "trends and developments in the industry since the 2008 global financial crisis."
-
The CFPB requested feedback on the development of regulations concerning consumer access to financial records.