The U.S. Chamber of Commerce is urging federal banking regulators to avoid imposing “prescriptive cybersecurity standards” on the financial sector and instead to support financial sector entities in adopting a “risk-based” approach to address their unique threats.
In its Jan. 18 comment letter, the Chamber told the Federal Reserve Board, the Federal Deposit Insurance Corp. and the Office of the Comptroller of the Currency that imposing prescriptive cybersecurity standards on financial sector entities “would lead to standards that may become rapidly obsolete, an emphasis on compliance rather than security, and the potential undermining of existing public-private collaboration to mitigate cyber threats.”
The three agencies issued proposed joint standards last October that would apply to depository institutions and depository institution holding companies with assets of $50 billion or more, U.S. operations of foreign banking organizations with U.S. assets of $50 billion or more, and financial market infrastructure companies and nonbank financial companies supervised by the Federal Reserve.
The enhanced standards would not apply to community banks. Comments were due by Jan. 17.
Source: LegalTech: Bank Regulators’ Cybersecurity Approach is Misguided, Chamber Says
The Chamber’s comment letter is available here.