Bill Would Enhance Federal Regulators’ Cybersecurity Programs

Protecting Americans’ financial and other personal information no matter what entity possesses it is of utmost importance to credit unions, CUNA wrote to House Financial Services Committee leadership Tuesday. The committee conducted a markup of several bill starting Tuesday, including the CUNA/League-supported Cybersecurity and Financial System Resilience Act of 2019 (H.R. 4458).

“America’s credit unions support efforts to ensure that the entire financial services sector has proper cyber safeguards in place and this effort should extend to the sectors’ regulators,” the letter reads. “H.R. 4458 would require the sectors’ regulators to each issue an annual report to Congress describing measures the respective agency has taken to strengthen cybersecurity with respect to its functions as a regulator, including the supervision and regulation of financial institutions and, where applicable, third-party service providers.”

The Federal Information Security Modernization Act of 2014 (FISMA) requires regulators to develop, document and implement an agency-wide program to provide information security for systems that support the operations and assets of the agency.

H.R. 4458 would enhance FISMA through reporting requirements while also requiring the regulators to ensure robust oversight of their regulated entities, which is already a primary duty of the regulators.

“The regulators should be given wide latitude to decide the information reported publicly on the status of their regulated entities. Any information that details cyber vulnerabilities at financial institutions should not be reported publicly as it could harm the sector as bad actors could use reports as a roadmap for future attacks,” the letter reads. “Furthermore, the regulators should coordinate publicly reporting their regulated financial institutions for the same reason.

The letter also commends NCUA Chairman Rodney Hood for his recent appointment of a special advisor for cybersecurity at the agency.

“We believe this is a critical step to ensure the agency stays focused on important cyber issues. We appreciate that NCUA has taken proactive efforts to work to secure the cyber security framework for credit unions and their members,” the letter reads.