In a statement for the record shared ahead of a House Financial Services subcommittee hearing on cyber threats and consumer data today, the American Bankers Association offered support for legislation that “closes regulatory gaps that put the financial system and consumers at risk.” The association told the subcommittee that any new legislation on data privacy should take into consideration the existing laws that apply to financial institutions—including the Gramm-Leach-Bliley Act, Fair Credit Reporting Act and Right to Financial Privacy Act—and should “avoid new requirements that duplicate or are inconsistent with those laws.”
As bills are introduced requiring the private sector to report cyber-attacks and ransomware payments to the Department of Homeland Security, ABA emphasized that simply reporting on those incidents is not enough. The association urged Congress to ensure that the federal government shares threat information and provides tools to help businesses mitigate the effects of the attacks and prevent future ones.
ABA said that Congress, the Federal Reserve and other policymakers should ensure that the rules that apply to banks should also be applied to any entity that offers bank-like products or services. “Monoline fintech firms, nonbank payment providers, large technology firms and decentralized finance technologies like cryptocurrency have entered the market and some are seeking access to the payments system, while seeking to avoid the full bank regulatory framework including data privacy and consumer protections,” ABA said.