At the "Cyber Threats, Consumer Data, and the Financial System" hearing, the House Financial Services Subcommittee on Consumer Protection and Financial Institutions considered proposed legislation on cybersecurity.
In a background memorandum, majority staff reported that banks and credit unions saw a 1,318 percent increase in ransomware attacks in the first half of 2021. Further, staff highlighted that in a previous hearing, before the House Financial Services Committee in May 2021, four of six "megabank" CEOs testified that cybersecurity breaches are among the "greatest threat[s] to our financial system right now."
The Subcommittee considered legislation on:
- R. 3910, the "Safeguarding Non-bank Consumer Information Act," which would give the CFPB authority over the Gramm-Leach-Bliley Act's safeguards rule for data aggregators;
- R. ____, the "Strengthening Cybersecurity for the Financial Sector Act," which would give the Federal Housing Finance Agency Director authority over the regulation of service providers under the Federal Credit Union Act with respect to government-sponsored enterprises and Federal Home Loan Banks; and
- R. ____, the "Enhancing Cybersecurity of Nationwide Consumer Reporting Agencies Act," which would give the CFPB authority over the cybersecurity regulation of consumer reporting agencies under the Fair Credit Reporting Act.
The Subcommittee heard testimony from:
- Samir Jain, Director of Policy at the Center for Democracy and Technology, who recommendedthat Congress (i) mandate reporting of cyber incidents to the federal government and (ii) enact federal privacy legislation that would require entities to minimize collected data and adopt data security measures;
- Robert E. James, II, President and CEO at Carver Financial Corporation and Chair of the National Bankers Association, who expressed concernover the technological disparity between minority depository institutions and large banks;
- Carlos Vazquez, Chief Information Security Officer at Canvas Credit Union, who expressed supportfor the National Credit Union Administration ("NCUA") having data security and privacy authority over third-party vendors, an authority currently given to the other federal agencies; and
- Jeffrey K. Newgard, President and CEO, Bank of Idaho, on behalf of the Independent Community Bankers of America, who recommendedthat Congress (i) amend the definition of "data aggregators" under H.R. 3910 to ensure that it covers non-financial institution entities and (ii) allow NCUA to directly examine Credit Union Service Organizations, core providers, and other third-party providers.
Primary Sources
- House Financial Services Subcommittee on Consumer Protection and Financial Institutions Hearing: Cyber Threats, Consumer Data, and the Financial System
- House Financial Services Subcommittee on Consumer Protection and Financial Institutions Memorandum: Cyber Threats, Consumer Data, and the Financial System
- H.R. 3910, the "Safeguarding Non-bank Consumer Information Act"
- H.R. ____, the "Strengthening Cybersecurity for the Financial Sector Act"
- H.R. ____, the "Enhancing Cybersecurity of Nationwide Consumer Reporting Agencies Act"
- Congressional Testimony, Samir Jain: Cyber Threats, Consumer Data, and the Financial System
- Congressional Testimony, Robert E. James, II: Cyber Threats, Consumer Data, and the Financial System
- Congressional Testimony, Carlos Vazquez: Cyber Threats, Consumer Data, and the Financial System
- Congressional Testimony, Jeffrey K. Newgard: Cyber Threats, Consumer Data, and the Financial System
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.