Newsroom

NAFCU Senior Counsel for Research and Policy Andrew Morris sent a letter to Acting National Cyber Director Kemba Walden in support of “harmonization of cybersecurity regulations to reduce inconsistency and administrative burden for federally insured credit unions (FICUs).” The Office of the National Cyber Director (ONCD) issued a request for information on the topic.

“Credit unions can encounter numerous variations of cybersecurity rules depending on where they operate, as many states have adopted their own, unique rules for information security programs,” Morris explained.

“NAFCU recommends the ONCD catalogue differences in state information security requirements for financial institutions that create conflict or inconsistency with the guidelines and standards adopted by federal banking regulators, such as the NCUA. Analysis of discrepancies between state and federal law may help financial regulatory agencies engage in productive dialogue around cyber regulatory harmonization. It could also serve as a compliance aid for small financial institutions,” he added.

Morris detailed differences among state laws and NCUA requirements, as well as overlapping federal cybersecurity standards. He urged the ONCD to promote interagency dialogue and examine the CFPB’s approach to cybersecurity to ensure efforts are not undermined or contradictory.

NAFCU will continue to advocate for a comprehensive federal data privacy and security standard that covers all entities that collect and store consumer information.