Foster Introduces Legislation to Bolster Cybersecurity in Financial Sector
Washington, D.C. – Today, Congressman Bill Foster (D-IL) introduced legislation to strengthen cybersecurity in the financial services industry.
The Strengthening Cybersecurity for the Financial Sector Act would correct regulatory gaps and improve the safety and soundness of the nation's banking system.
Specifically, this bill would grant the National Credit Union Administration (NCUA) and the Federal Housing Finance Agency (FHFA) the authority to oversee third party vendors employed by the entities under their purview. This authority – currently utilized by all other industry regulators – was previously temporarily granted to the NCUA and FHFA but has since expired, leaving a dangerous regulatory gap and leaving consumers and families at risk. This bill would bring parity amongst our regulators to ensure that our financial services and housing industries are well protected against cyberattacks.
"Hard working Americans deserve peace of mind that their money and their data are safe with their credit union or mortgage servicer," Foster said. "Federal regulators should have the power to thoroughly scrutinize financial institutions' third-party vendors' technology systems to ensure they are secure against the growing threat of cyberattacks. We have learned the hard way about the damage that can result from supply-chain cyberattacks, and third-party vendors in our financial system represent alluring targets. This will make the entire banking system safer and will go a long way to protect sensitive consumer information."
In November 2023, a cybersecurity breach of third-party service providers disrupted the operation of approximately 60 credit unions across 40 states. This incident alone put approximately $912 million in assets and 93,000 credit union members at risk. In September 2023, federally insured credit unions became required to report cyber incidents to the NCUA within 72 hours. Within 30 days following that rule’s enactment, the NCUA received 146 incident reports – roughly 60 percent of which involved third-party service providers.
The authority to oversee third-party vendors has been requested by NCUA and FHFA directors from both political parties. The Government Accountability Office and the Financial Stability Oversight Council have made similar recommendations regarding the need for oversight of third-party vendors.
A version of this legislation passed the House Financial Services Committee in the 117th Congress, but did not receive a Floor vote.
A copy of the bill is available here.