ICBA Policy Resolutions: Cybersecurity and Data Security, Privacy and Fraud

ICBA's Position: Cybersecurity

  • Any federal cybersecurity legislation, new or proposed cybersecurity frameworks, regulations, or guidance must recognize existing mandates, frameworks, tools, standards, and guidance to ensure community banks are not burdened with the obligation to reassess their critical systems against yet another standard which would yield the same results.
  • ICBA supports voluntary information sharing among financial institutions of all sizes, public-private partnerships, and federal agencies for the purpose of identifying, responding to, and mitigating cybersecurity threats and vulnerabilities while appropriately balancing the need to secure customer information.
  • Prudential regulators must broaden their supervision to include core processors and other third-party technology service providers community banks rely on. Employees and subcontractors of technology service providers must comply with nondisclosure and confidentiality requirements similar to those that currently apply to banks.
  • Congress must subject credit reporting agencies and other customer financial data collectors/aggregators to banking agency examination and supervision comparable to that which applies to community banks and other financial institutions.
  • ICBA supports sector cybersecurity initiatives such as .BANK and Sheltered Harbor and will work with community bank core processors to ensure equitable and reasonable access to these initiatives.


The financial services industry and community banks are on the front lines defending against cybersecurity threats and take their role in securing data and personal information very seriously. As a result of sophisticated and constantly evolving cyber threats and intrusions, the federal government and private industry are increasingly focused on cybersecurity.

  • Cybersecurity Risk Assessment Tools

  • Threat Information Sharing is Critical

  • Regulators Should Recognize Third Party Risk

  • Examination and Supervision of Credit Rating Agencies

  • Sector Cybersecurity Initiatives

ICBA's Position: Data Security and Fraud

  • All participants in the payments and financial systems, including merchants, aggregators, and other entities with access to customer financial information should be subject to Gramm-Leach-Bliley Act-like data security standards.
  • ICBA supports a national data security breach and notification standard to replace the current patchwork of state laws.
  • Community banks should be notified of a potential and/or actual breach as expeditiously as possible in order to mitigate losses.
  • The costs of data breaches should ultimately be borne by the party that incurs the breach. Barring a shift in liability to the breached entity, community banks should have continued access to various cost recovery options, including account recovery programs and litigation.
  • ICBA supports current privacy standards, such as the Gramm-Leach Bliley Act.
  • All stakeholders must continue to freely innovate to effectively protect consumer data and confidence.
  • ICBA strongly supports ongoing regulatory efforts and voluntary public-private partnerships to address the growing threat of cyberattacks.
  • ICBA supports stronger data security standards and practices for regulatory agencies and staff.


Data breaches at a national credit bureau, national retail and hotel chains, social media networks, and elsewhere have the potential to jeopardize consumers’ financial integrity and confidence in the financial services industry. Community banks are strong guardians of the security and confidentiality of customer information as a matter of good business practice and legal and regulatory requirements. Safeguarding customer information is central to maintaining public trust and retaining customers. However, bad actors will continue to look for weaknesses in the payments and information systems in various industries and breaches will occur.

  • Extend Gramm-Leach-Bliley Act-Like Standards

  • A National Data Security Breach and Notification Standard is Vital

  • Banks Need Timely and Enhanced Breach Notification

  • Cost Recovery

  • ICBA recently filed suit against Equifax for a major data breach in 2017

  • Regulators Should Hold Data Safely

  • Emerging Threats


Title Content Type Date
ICBA Summaries
ICBA Summaries
ICBA Summaries
ICBA Summaries
ICBA Summaries
ICBA Summaries
ICBA Summaries
ICBA Summaries


Title Committee Presenter Date
House Subcommittee on Financial Institutions and Consumer Credit
Written Statement
House Financial Services Committee's Subcommittee on Financial Institutions and Consumer Credit
Written Statement
House Subcommittee on Financial Institutions and Consumer Credit
Written Statement
House Small Business Committee
Written Statement

Letters to Congress

Title Recipient Date
Senate Banking Committee
House Financial Services Committee
House Energy and Commerce Committee

Letters to Regulators

Title Recipient Date
Bureau of Consumer Financial Protection
National Institute of Standards and Technology
National Institute of Standards and Technology
New York Department of Financial Services