Four Industry Trade Associations Demand Changes After The OCC Data Breach
Please note that we are not authorised to provide any investment advice. The content on this page is for information purposes only.
Four industry trade associations in the US have recently demanded major reforms to how federal financial regulators handle sensitive data. The move comes after a significant data breach that targeted the Office of the Comptroller of the Currency (OCC), as reported in April of this year.
The incident resulted in the exposure of 148,000 private correspondences, which contained sensitive supervisory information regarding financial institutions from all across the United States.
Trade Associations Fear The Growing Cybersecurity Threat
The complaint by the four industry trade associations was delivered via a letter addressed to Treasury Secretary Scott Bessent. In it, the American Bankers Association, the Bank Policy Institute, MFA, and SIFMA stated that there is a growing threat from hostile nation-states targeting US critical infrastructure.
These threats serve as a reminder that addressing vulnerabilities, such as those that allowed the OCC breach, must be addressed urgently.
They stressed that government agencies are increasingly the target of persistent and sophisticated nation-state attacks that could disrupt the US economy and financial markets.
“It is imperative that federal regulators recognize that they are equally a target of malicious actors and implement the same or substantially similar cybersecurity and incident response practices that they expect financial institutions to maintain,” the organizations wrote.
Regulators Must Step Up Their Security Standards
According to U.S. laws, financial institutions are required to share sensitive, proprietary, and non-public information with their respective regulators. This is an unavoidable part of the supervisory process. This may include any form of sensitive information, such as capital and liquidity management, cybersecurity protocol, and more.
The problem lies in the fact that centralizing such large amounts of sensitive data can create a single, major target for illicit actors to focus on, if their goal is to harm US economic security.
The organizations also noted that both the Treasury Department and the OCC have been targets of major cyber incidents in the last two years. During the OCC attack, hackers were able to operate within its systems for more than a year and a half before being discovered.
Soon after the breach was uncovered, entities like the Bank of New York Mellon and JPMorgan Chase decided to scale back electronic information sharing with the OCC to prevent further data leaks until the breach had been addressed. Now, the groups are urging the Treasury to hold federal agencies to the same security and data protection standards as private firms, to prevent similar problems in the future.
