Cybersecurity is at the very core of the financial services industry — from enabling customers to access their data online, to monitoring websites and apps, to securing ATMs and points of sale, there’s not a financial services firm that doesn’t count cybersecurity among its highest priorities.
It is natural that financial services regulators are also paying close attention to cyber. As the industry is driving toward better security, the regulatory community is working hard to do the same, issuing more than 40 new rules, regulations, tools and guidance since mid-2014 at the federal and state level. But rather than simply implementing large numbers of regulations, it’s important that smart, coordinated regulations are put on the books to best protect consumers.
Regulations need to reflect the dynamic and evolving nature of the threats that exist to essential business and sector operations, and this month’s Treasury Department report on modernizing financial regulations is a critical step in the right direction, calling for harmonization of these multiple regulations. Harmonization and collaboration on cybersecurity will promote meaningful results and outcomes and drive a more complete view of the industry’s security and preparedness while still affirming financial services regulators’ respective oversight responsibilities.
A consistent set of core questions and diagnostics that leave room for uniqueness amongst financial services regulators will enable more robust examination outputs, higher quality information and more efficient cybersecurity operations. When regulatory rules or guidelines are notionally similar but semantically different, it can lead to firms having to rewrite risk and operational policies, change their organizational structure or create new reporting mechanisms. All of that gets affected through the differences in language, and ultimately impacts the firm’s ability to best serve customers.
Even a seemingly simple thing—having common definitions of words—can make a big difference to a company trying to do everything they can to protect their customers from cyber threats. By aligning definitions and streamlining overlapping regulations, regulators will retain jurisdictional mandates, and firms will be able to focus their limited resources on their primary mission of protecting our systems, platforms and users.
As the global leader for innovation, the United States must set the standards for cybersecurity. By leveraging mechanisms already in place for public-private collaboration, the nation’s leading financial services institutions and the government can effectively work together to strengthen resilience, align response and better secure our nation’s cyber infrastructure. This will require a focus on collaboration with the private sector, alignment of current and future frameworks to a custom industry “sector” profile and a more risk-based approach to cyber oversight.
As new and emerging technologies continue to develop, a regulatory and congressional approach that allows for growth and innovation, securely, will be essential to enhancing the customer experience and increasing consumers’ access to their financial tools and services.
“We’re in this together” is never truer than when it comes to the shared responsibilities of the government and private sector on cybersecurity. Cyber is bigger than one company, one system or one breach—cyber has connected the world in a way that makes each threat a global one.
Prioritization of cybersecurity requires not only a nimble regulatory approach spurred by harmonization, as noted in the Treasury Department’s report on modernizing financial regulations, but a long-term commitment and an increased investment of resources from both the public and private sectors.
Chris Feeney is the president of BITS, the technology policy division of the Financial Services Roundtable.