Treasury calls on financial regulators to coordinate cybersecurity oversight

Highlighting 'fragmentation and overlap,' department suggests establishing one lead agency to align federal and state efforts

Jun 14, 2017 @ 2:09 pm

By Mark Schoeff Jr.

+ Zoom

Government oversight of cybersecurity could become more streamlined under a proposal from the Trump administration.

In its first report on financial regulatory reform, the Treasury Department called for state and federal officials to work together to harmonize and coordinate examinations.

"In cybersecurity, financial institutions share the same goal as regulatory agencies: maintaining the safety and soundness of the financial system by mitigating and protecting financial institutions and the sector from cybersecurity risks," states the June 12 report. "Better coordination on cybersecurity regulation is needed to achieve this goal and enhance the resiliency of the sector. Given the risk of fragmentation and overlap, Treasury recommends that federal and state financial regulatory agencies establish processes for coordinating regulatory tools and examinations across sub-sectors."

In testimony before a House Appropriations subcommittee Monday, Treasury Secretary Steve Mnuchin said the Financial Stability Oversight Council should step in to sort out cybersecurity responsibilities.

"One agency should be named as the lead agency and coordinate amongst all the rest of them," Mr. Mnuchin said.

That is the approach Charles Schwab & Co. Inc. advocated in talks with the Trump administration.

"We are pleased that Treasury recognized the importance of examination coordination in any financial regulatory system reform," Jeff Brown, Schwab senior vice president and head of legislative and regulatory affairs, wrote in an email Wednesday.

In an earlier interview, he said the firm answers to four regulators on cybersecurity: the Securities and Exchange Commission, the Financial Industry Regulatory Authority Inc., the Office of the Comptroller of the Currency, and the Federal Reserve.

"They don't communicate with each other, they don't coordinate with each other, they don't consolidate with each other," Mr. Brown said. "Each comes in and does their exam, which could take two months."

The SEC and Finra have again this year made cybersecurity an examination priority. Each regulator also has released guidance over the last couple years, but neither has promulgated formal cybersecurity rules.

State regulators also have increased their scrutiny of advisory firms' cyberdefenses. State participation in the Financial and Banking Information Infrastructure Committee helps to get the regulators on the same page, according to Joe Borg, Alabama securities director and president-elect of the North American Securities Administrators Association.

"You're going to see a lot more coordination on cybersecurity going forward," Mr. Borg said this week at an Insured Retirement Institute conference in Washington.

At the same meeting, Ted Nickel, Wisconsin insurance commissioner and president of the National Association of Insurance Commissioners, said insurance regulators are working on a set of cybersecurity principles.

"I don't know that there's any overlap yet on the regulatory side," Mr. Nickel said at the IRI conference. "I think there just needs to be more coordination. If there are some areas of mutual oversight, we [should] align our cybersecurity rules or principles in a way that doesn't clash."


What do you think?

View comments

Recommended for you

Featured video


Inside the first robo ETF

When it comes to exchange-traded funds, innovations come in all shapes and sizes. Check out Robo Global's Bill Studebaker discussing the first robo ETF.

Video Spotlight

Are Your Clients Prepared For Market Downturns?

Sponsored by Prudential

Recommended Video

Path to growth

Latest news & opinion

HighTower faces pressure to let investors cash out

After an IPO planned for last year didn't happen, the company could opt to satisfy its backers with a sale.

Jerry Schlichter's fee lawsuits have left an indelible mark on the 401(k) industry

After a decade of litigation, fees are lower and retirement plans are more transparent. But have the lawsuits gone too far?

10 best financial adviser jokes

How many financial advisers does it take to screw in a lightbulb?

With margins crashing, broker-dealers look to merge: report

Increased regulation is straining profit margins among broker-dealers, sending many of them into the arms of their bigger brethren.

Hackers may have profited from SEC breach

The hack of the agency's Edgar filing system occurred in 2016, but the regulator didn't conclude until last month that the cybercriminals may have used their bounty to make illicit trades.


Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print