Re: Request for Information on Cybersecurity Regulatory Harmonization
Dear Ms. Walden,
The Bank Policy Institute ("BPI") and American Bankers Association ("ABA") (collectively, the "Associations") welcome and appreciate the Office of the National Cyber Director's ("ONCD") Request for Information on Cybersecurity Regulatory Harmonization ("RFI"). This is an important opportunity to assess the effect of overlapping and duplicative regulation and develop a streamlined framework to improve security across critical infrastructure sectors.
The Associations support the National Cybersecurity Strategy's focus on improving baseline security practices across industry sectors. The strategy also recognizes that increased regulatory focus on cybersecurity, if not carefully calibrated and aligned across government and independent regulators, can have unintended adverse effects. As the Federal government contemplates harmonizing existing cyber regulations and where new regulatory regimes might be appropriate, we encourage a balanced approach that considers the effect on front-line cybersecurity personnel to ensure they are able to meet compliance requirements while maintaining critical day-to-day operational responsibilities.
Financial institutions have complied with myriad security, privacy, operational resilience and third-party risk management requirements for decades and have worked closely with prudential financial regulators—the Office of the Comptroller of the Currency ("OCC"), Federal Reserve Board ("FRB"), and the Federal Deposit Insurance Corporation ("FDIC")—to encourage coordination where possible. We offer the following recommendations based on these experiences:
Download the joint comment letter to read the full text.