Will Regulation Solve Cybersecurity Problems?

Posted on November 13, 2017 by Laura Lam

cybersecurity 3Cybersecurity was a main topic at a recent New York banking conference.  According to Arthur Lindo, senior associate director of the Fed’s division of supervision and regulation, more rules may not be the best answer to protecting the financial system.  “I don’t think the solution to the cybersecurity problem rests in regulation,” said Lindo.  “We’re going to try a more flexible approach.”

The Fed and other regulators issued a notice of proposed rulemaking on cyber risk management standards last year, which is typically followed by a prospective rule. After the industry and others involved in computer security discouraged regulators from creating a standard, they decided not to proceed, Lindo said.

Lindo’s comments come weeks after Equifax Inc. announced a massive consumer data breach that led to the theft of personal information of more than 145 million people. Lawmakers including Idaho Republican Mike Crapo, head of the Senate Banking Committee, have asked the Fed and other regulators whether they need more authority to help ensure credit bureaus adequately protect consumers’ information in the wake of the attack.

There are already lots of rules and regulations that banks and other financial institutions have to follow when it comes to cybersecurity. Several lenders and trade groups collected all U.S. and global guidance documents, regulatory requirements and recent proposals on cybersecurity into a “financial sector profile,” said JPMorgan Chase & Co.’s Kevin Gronberg.  It ended up being a 2,000-line spreadsheet showing a lot of overlap between rules and demands from different regulators, Gronberg said.

“We tried to put it all into a common language, so we can reply with the same answer when we get the same questions from different regulators,” said Gronberg, vice president of global cyber partnerships.

Source:  Bloomberg