Financial Trade Associations Ask Treasury to Limit Data Collection After Cybersecurity Incidents

Four financial industry trade associations said Monday (June 9) that federal agencies should limit their data collection to “only what is necessary” after a series of cybersecurity incidents targeted those agencies.

The groups made these points in a Monday letter addressed to Treasury Secretary Scott Bessent and sent in response to recent cyber incidents at the department and the Office of the Comptroller of the Currency (OCC), they said in a press release.

The letter was signed by the American Bankers Association, Bank Policy Institute, Managed Funds Association, and Securities Industry and Financial Markets Association.

In addition to suggesting a limitation on data collection, the groups recommended in the letter that agencies be held to the same security and data protection standards as private companies, that sensitive data not be centralized, and that regulatory agencies be required to notify affected companies “when something goes wrong.”

“With increasing frequency over the past few years, federal agencies have experienced significant cyber incidents,” the letter said. “As firms are required to share non-public, highly sensitive information with regulators as part of the supervisory process, compromises at regulatory agencies could expose institutions’ vulnerabilities and business information to malicious actors, putting them at strategic disadvantage.”

Reached by PYMNTS, an OCC spokesperson declined to comment on the letter.

The Treasury Department did not immediately reply to PYMNTS’ request for comment.

The OCC said April 8 that it notified Congress of a “major security incident” in which there was unauthorized access to OCC emails and email attachments.

“The OCC discovered that the unauthorized access to a number of its executives’ and employees’ emails included highly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes,” the agency said at the time in a press release.

It was reported April 14 that JPMorgan Chase and Bank of New York Mellon had scaled back their electronic information sharing with the OCC following that breach of the regulator’s email system.

In December, it was reported that Treasury Department workstations had been breached by China-backed hackers who then stole unclassified documents. One report said at the time that officials described the attack as a “major incident.”