The National Institute of Standards and Technology recently posed additional questions to the American Bankers Association and other commenters in a follow-up to its draft 2022 report on cybersecurity considerations for open banking technology and emerging standards. The questions pertain to matters such as technical obstacles, standards, timeframes, consumer awareness, cyber risk and privacy concerns, and have some overlap with the CFPB’s personal financial data rights rulemaking (Dodd-Frank Act Section 1033).
Last year, ABA joined two other associations in a letter commenting on the report. NIST will use the responses from the associations and other parties to rework the existing version. The focus will be on cybersecurity and privacy considerations only—not legislation, banking laws, policy or other non-technical areas, even though NIST recognizes that these may be intertwined. The responses to the supplemental questions are due by May 31.