(Bloomberg) --More rules may not be the best answer to protecting the financial system against cyber attacks, a Federal Reserve official said.
“I don’t think the solution to the cybersecurity problem rests in regulation,” Arthur Lindo, senior associate director of the Fed’s division of supervision and regulation, said at a banking conference in New York. “We’re going to try a more flexible approach.”
The Fed and other regulators issued a notice of proposed rulemaking on cyber risk management standards last year, which is typically followed by a prospective rule. After the industry and others involved in computer security discouraged regulators from creating a standard, they decided not to proceed, Lindo said.
Lindo’s comments come weeks after Equifax Inc. announced a
Equifax's data breach may be the most serious, given that it covered 143 million consumers and involved reams of confidential information, but it wasn't the largest. Following are the biggest to date.
There are already lots of rules and regulations that banks and other financial institutions have to follow when it comes to cybersecurity. Several lenders and trade groups collected all U.S. and global guidance documents, regulatory requirements and recent proposals on cybersecurity into a “financial sector profile,” said JPMorgan Chase & Co.’s Kevin Gronberg, who was also on the panel. It ended up being a 2,000-line spreadsheet showing a lot of overlap between rules and demands from different regulators, Gronberg said.
“We tried to put it all into a common language, so we can reply with the same answer when we get the same questions from different regulators,” said Gronberg, vice president of global cyber partnerships.
