Newsroom

The Financial Stability Oversight Council and Federal Financial Institutions Examination Council should better coordinate regulators' cybersecurity exams at financial institutions to prevent duplication of information, said Senate Banking Committee member Dean Heller, R-Nev., on Friday.

"Much better coordination is needed among the various financial regulators to ensure a consistent cybersecurity examination approach that does not waste precious time or valuable resources that could better be used in the ongoing defense against cybercriminals," Heller wrote in a letter Friday to Treasury Secretary Jack Lew and Federal Reserve Gov. Daniel Tarullo.

He explained that under the current regulatory practices, a financial institution may have cybersecurity-related examinations from multiple regulators. For these institutions, he wrote, "there appears to be little to no coordination among regulators, resulting in unnecessary duplication."

Heller said the various approaches taken by regulators or the need for firms to educate regulators on practices that should already be known, takes up resources that "are diverted away from the task of defending against cybercriminals."

Heller asked for a response detailing what plans FSOC and the FFIEC will take to increase cybersecurity examination coordination amongst regulators.

In January, NAFCU wrote a letter to FFIEC urging the regulators to keep the FFIEC cybersecurity assessment tool voluntary for credit unions of all asset sizes, allowing them to individually measure and assess their cybersecurity maturity. NCUA is a member of both the FFIEC and FSOC.