Treasury calls on financial regulators to coordinate cybersecurity oversight

Government oversight of cybersecurity could become more streamlined under a proposal from the Trump administration.

In its first report on financial regulatory reform, the Treasury Department called for state and federal officials to work together to harmonize and coordinate examinations.

“In cybersecurity, financial institutions share the same goal as regulatory agencies: maintaining the safety and soundness of the financial system by mitigating and protecting financial institutions and the sector from cybersecurity risks,” states the June 12 report. “Better coordination on cybersecurity regulation is needed to achieve this goal and enhance the resiliency of the sector. Given the risk of fragmentation and overlap, Treasury recommends that federal and state financial regulatory agencies establish processes for coordinating regulatory tools and examinations across sub-sectors.”

In testimony before a House Appropriations subcommittee Monday, Treasury Secretary Steve Mnuchin said the Financial Stability Oversight Council should step in to sort out cybersecurity responsibilities.

“One agency should be named as the lead agency and coordinate amongst all the rest of them,” Mr. Mnuchin said.

That is the approach Charles Schwab & Co. Inc. advocated in talks with the Trump administration.

“We are pleased that Treasury recognized the importance of examination coordination in any financial regulatory system reform,” Jeff Brown, Schwab senior vice president and head of legislative and regulatory affairs, wrote in an email Wednesday.

In an earlier interview, he said the firm answers to four regulators on cybersecurity: the Securities and Exchange Commission, the Financial Industry Regulatory Authority Inc., the Office of the Comptroller of the Currency, and the Federal Reserve.

“They don’t communicate with each other, they don’t coordinate with each other, they don’t consolidate with each other,” Mr. Brown said. “Each comes in and does their exam, which could take two months.”

The SEC and Finra have again this year made cybersecurity an examination priority. Each regulator also has released guidance over the last couple years, but neither has promulgated formal cybersecurity rules.

State regulators also have increased their scrutiny of advisory firms’ cyberdefenses. State participation in the Financial and Banking Information Infrastructure Committee helps to get the regulators on the same page, according to Joe Borg, Alabama securities director and president-elect of the North American Securities Administrators Association.

“You’re going to see a lot more coordination on cybersecurity going forward,” Mr. Borg said this week at an Insured Retirement Institute conference in Washington.

At the same meeting, Ted Nickel, Wisconsin insurance commissioner and president of the National Association of Insurance Commissioners, said insurance regulators are working on a set of cybersecurity principles.

“I don’t know that there’s any overlap yet on the regulatory side,” Mr. Nickel said at the IRI conference. “I think there just needs to be more coordination. If there are some areas of mutual oversight, we [should] align our cybersecurity rules or principles in a way that doesn’t clash.”

Related Topics: Charles Schwab & Co., Financial Industry Regulatory Authority, National Association Of Insurance Commissioners (NAIC), North American Securities Administrators Association Inc (NASAA), Securities and Exchange Commission