Regulation can't solve cybersecurity problems, Fed official says

Di-GenericCybersec_11072017
Cables run into the back of a server unit inside the data center of FinTech Group AG's campus offices in Frankfurt, Germany, on Tuesday, April 12, 2016. Photographer: Krisztian Bocsi/Bloomberg

(Bloomberg) --More rules may not be the best answer to protecting the financial system against cyber attacks, a Federal Reserve official said.

“I don’t think the solution to the cybersecurity problem rests in regulation,” Arthur Lindo, senior associate director of the Fed’s division of supervision and regulation, said at a banking conference in New York. “We’re going to try a more flexible approach.”

The Fed and other regulators issued a notice of proposed rulemaking on cyber risk management standards last year, which is typically followed by a prospective rule. After the industry and others involved in computer security discouraged regulators from creating a standard, they decided not to proceed, Lindo said.

Lindo’s comments come weeks after Equifax Inc. announced a massive consumer data breach that led to the theft of personal information of more than 145 million people. Lawmakers including Idaho Republican Mike Crapo, head of the Senate Banking Committee, have asked the Fed and other regulators whether they need more authority to help ensure credit bureaus adequately protect consumers’ information in the wake of the attack.

A monitor displays Equifax signage on the floor of the New York Stock Exchange.

Equifax's data breach may be the most serious, given that it covered 143 million consumers and involved reams of confidential information, but it wasn't the largest. Following are the biggest to date.

1 Min Read

There are already lots of rules and regulations that banks and other financial institutions have to follow when it comes to cybersecurity. Several lenders and trade groups collected all U.S. and global guidance documents, regulatory requirements and recent proposals on cybersecurity into a “financial sector profile,” said JPMorgan Chase & Co.’s Kevin Gronberg, who was also on the panel. It ended up being a 2,000-line spreadsheet showing a lot of overlap between rules and demands from different regulators, Gronberg said.

“We tried to put it all into a common language, so we can reply with the same answer when we get the same questions from different regulators,” said Gronberg, vice president of global cyber partnerships.

Bloomberg News
Cyber security Cyber attacks Customer data Data security Law and regulation Federal Reserve Equifax
MORE FROM DIGITAL INSURANCE