
On June 9, multiple financial services trade associations sent a letter to Treasury Secretary Scott Bessent expressing concerns about cybersecurity risk management practices at federal regulatory agencies following the OCC’s data breach and a recent OIG report on the CFPB’s data security processes. The associations’ letter argued the government should implement reforms and prevent unnecessary risks to financial institutions due to regulators’ security weaknesses.
The associations made four recommendations:
- hold agencies to security standards similar to those applied to financial institutions;
- allow firms to retain sensitive data within their own secure systems rather than submitting data through online portals or via email;
- improve incident response and notification processes; and
- streamline examinations to reduce data sharing.
As previously covered by InfoBytes, the OIG for the Fed recently authored a report regarding confidential supervisory information. The report contained several recommendations for the CFPB in the wake of a major security incident involving confidential and personal information. The letter asserted that regulators have not yet implemented these recommendations.