The American Bankers Association today joined a group of trade organizations in calling for “significant reforms” to how federal financial agencies handle sensitive data. In a letter addressed to Treasury Secretary Scott Bessent, the organizations identified concerns with regulators’ data management practices.
“Government agencies are increasingly the target of persistent and sophisticated nation-state attacks that could disrupt financial markets and our economy,” the group wrote. “It is imperative that federal regulators recognize that they are equally a target of malicious actors and implement the same or substantially similar cybersecurity and incident response practices that they expect financial institutions to maintain.”
Financial institutions are legally required to share sensitive, proprietary and nonpublic information with their regulators as part of the supervisory process. This information can range from capital and liquidity management to cybersecurity protocols. Centralizing large amounts of data, the organizations said, can create a prime target for illicit actors seeking to harm U.S. economic security.
Regulatory agencies are increasingly the target of cyberattacks. Over the past two years, the Treasury and the Office of the Comptroller of the Currency have suffered significant cyber incidents. The latest incident dates to May 2023 when hackers compromised OCC systems. The breach, which exposed nearly 150,000 emails, wasn’t identified until February this year.
The groups recommended holding agencies to the same security and data protection standards as private companies; avoiding centralizing sensitive data that could affect entire economic sectors and instead allowing companies to maintain control and access to their data; requiring regulatory agencies to notify affected companies when things go wrong; and limiting data collection to only what is necessary.
