Our Position

Data and Cyber Security


  • Any new Federal or state legislation, regulation, or guidance related to data or cybersecurity should be non-proscriptive and non-duplicative.
  • ICBA suggests that regulators broaden their supervision to include all companies that have access to consumer financial data.
  • Regulators should not mandate the use of any one framework, tool, or assessment, but rather support community banks’ ability to use the framework, tool or assessment that best suits their institution’s size, complexity, and risk tolerance.
  • ICBA supports bi-directional sharing of threat intelligence between the financial sector and the government.
  • ICBA supports stronger cybersecurity standards and practices for government.
  • ICBA supports financial sector initiatives such as .BANK and Sheltered Harbor.


To better address increasingly sophisticated threats, state and federal legislation, regulation, and guidance should enable community banks to implement risk-based security programs. Lawmakers and regulators should harmonize future legislation or regulatory action with existing regulatory requirements. Additionally, regulators should broaden their supervision to include all companies that have access to, use, or store consumer financial data. These companies should be subject to the standards outlined in the Gramm-Leach-Bliley Act (GLBA).

Community banks have various sizes, complexities, and risk tolerances. As such, regulators should allow community banks to choose the assessment tool that best fits their institution’s risk profile.

ICBA recognizes that the U.S. Government also has a responsibility to safeguard financial and personally identifiable information (PII) and to provide banks with visibility into the government’s business continuity, incident response, and other critical resiliency plans. Bi-directional threat information sharing initiatives, such as the Financial Services Information Sharing and Analysis Center (FS-ISAC), are critical to threat mitigation.

.BANK, Sheltered Harbor, and other financial sector efforts enhance protection for bank customer account data.

Staff Contact

Lance Noggle

SVP Operations, Senior Regulatory Counsel



Sam Mayper

VP, Congressional Relations



Susan Sullivan

SVP, Congressional Relations