As the Senate thinks about the 2023 National Defense Authorization Act, the American Bankers Association and the Bank Policy Institute advised legislators to leave out language that would develop a classification for “systemically important entities,” consisting of big banks, for the functions of evaluating threats to important facilities entities. The arrangement, which was consisted of as a change to the House-passed variation of the expense, would likewise enable the Cybersecurity and Infrastructure Agency to accept reports from regulators.
The groups kept in mind that it would replicate existing efforts to keep an eye on cybersecurity danger at these companies, which banks are currently based on classification as systemically essential banks under the Dodd-Frank Act and needed to embrace boosted procedures for security and durability. They likewise mentioned that sharing delicate details with CISA might increase danger to companies, to name a few things.
“While some critical infrastructure sectors are not captured by similar designation programs and may warrant additional oversight, financial institutions are already subject to extensive cybersecurity risk management and incident reporting frameworks that require reviews of security controls and data protection measures, the security of vendors and suppliers, governance processes, and incident notification and reporting,” the associations stated. “Adding yet another layer of reporting to a different set of agencies with different standards would detract significantly from financial institutions’ essential work defending against cyber threats.”