The undersigned organizations, representing the financial services industry, appreciate your efforts to
introduce H.R. 3696, the National Cybersecurity and Critical Infrastructure Protection Act. We
welcome your leadership in this crucial fight against cyber threats and your work in forging this
commonsense, bipartisan legislation.
While Congress considers much needed legislative action, our associations and the financial services
industry have taken major steps to address the cybersecurity threats facing the Nation’s critical
infrastructure. The financial services sector continues to invest in our infrastructure, has improved
coordination among institutions of all sizes, and is continually enhancing our partnerships with
government.
H.R. 3696 recognizes the necessary partnership between the private and public sectors that is required
to better protect our Nation’s cybersecurity infrastructure. Among other provisions, this bill would
strengthen existing mechanisms such as the Financial Services Sector Coordinating Council (FSSCC)
and the Financial Services Information Sharing and Analysis Center (FS-ISAC) that help our sector
identify threats, respond to cyber incidents and coordinate with government partners. These
organizations work closely with partners throughout the government, including our sector specific
agency, the Department of Treasury, as well as the Department of Homeland Security. Each agency has
a civilian mission and plays a unique role in sector cybersecurity efforts and both work to strengthen
the sector’s understanding of the threat environment.
Additionally H.R. 3696 seeks to improve the provisioning of security clearances for those involved in
cybersecurity information sharing. Your recognition that this is a system that demands improvement is
strongly supported by our industry and we further encourage the expansion of this to specifically
include individuals within critical infrastructure responsible for key aspects of network defense or
mitigation. It is essential that all sizes of institutions within critical infrastructure receive access to
classified threat information in a timely manner.
Finally, H.R. 3696 expands the existing Support Anti-Terrorism by Fostering Effective Technologies
Act (SAFETY Act) to provide important legal liability protections for providers and users of certified
cybersecurity technology in the event of a qualified Cybersecurity incident. We urge Congress to work
with the Department of Homeland Security to ensure that, should this provision be adopted, the
expanded SAFETY Act is implemented in a manner that does not duplicate or conflict with existing
regulatory requirements, mandatory standards, or the evolving voluntary National Institute for
Standards and Technology (NIST) Cybersecurity Framework. An expansion of the program must be
coupled with additional funding to enable DHS to handle the increased scope of program and
subsequent increase in applicants. Further, it is incumbent that an expansion enables DHS to
streamline its SAFETY Act review and approval process so as not to discourage participation in the
program.
Our sector has actively engaged in the implementation of Executive Order 13636 and the development
by the National Institute of Standards and Technology of a Cybersecurity Framework. We believe the
process outlined in H.R. 3696 should reflect the Framework developed through this cross-sector
collaborative process.
Each of our organizations and respective member firms have made cybersecurity a top priority. We are
committed to working with you as you lead in this crucial fight for cybersecurity of critical
infrastructure.
American Bankers Association
The Clearing House
Consumer Bankers Association
Credit Union National Association (CUNA)
Electronic Funds Transfer Association
Financial Services - Information Sharing and Analysis Center (FS-ISAC)
Financial Services Roundtable
Independent Community Bankers Association (ICBA)
Investment Company Institute
NACHA-The Electronic Payments Association
National Association of Federal Credit Unions (NAFCU)
Securities Industry and Financial Markets Association (SIFMA)
Dear Chairman McCaul and Ranking Member Thompson:
The undersigned organizations, representing the financial services industry, appreciate your efforts to
introduce H.R. 3696, the National Cybersecurity and Critical Infrastructure Protection Act. We
welcome your leadership in this crucial fight against cyber threats and your work in forging this
commonsense, bipartisan legislation.
While Congress considers much needed legislative action, our associations and the financial services
industry have taken major steps to address the cybersecurity threats facing the Nation’s critical
infrastructure. The financial services sector continues to invest in our infrastructure, has improved
coordination among institutions of all sizes, and is continually enhancing our partnerships with
government.
H.R. 3696 recognizes the necessary partnership between the private and public sectors that is required
to better protect our Nation’s cybersecurity infrastructure. Among other provisions, this bill would
strengthen existing mechanisms such as the Financial Services Sector Coordinating Council (FSSCC)
and the Financial Services Information Sharing and Analysis Center (FS-ISAC) that help our sector
identify threats, respond to cyber incidents and coordinate with government partners. These
organizations work closely with partners throughout the government, including our sector specific
agency, the Department of Treasury, as well as the Department of Homeland Security. Each agency has
a civilian mission and plays a unique role in sector cybersecurity efforts and both work to strengthen
the sector’s understanding of the threat environment.
Additionally H.R. 3696 seeks to improve the provisioning of security clearances for those involved in
cybersecurity information sharing. Your recognition that this is a system that demands improvement is
strongly supported by our industry and we further encourage the expansion of this to specifically
include individuals within critical infrastructure responsible for key aspects of network defense or
mitigation. It is essential that all sizes of institutions within critical infrastructure receive access to
classified threat information in a timely manner.
Finally, H.R. 3696 expands the existing Support Anti-Terrorism by Fostering Effective Technologies
Act (SAFETY Act) to provide important legal liability protections for providers and users of certified
cybersecurity technology in the event of a qualified Cybersecurity incident. We urge Congress to work
with the Department of Homeland Security to ensure that, should this provision be adopted, the
expanded SAFETY Act is implemented in a manner that does not duplicate or conflict with existing
regulatory requirements, mandatory standards, or the evolving voluntary National Institute for
Standards and Technology (NIST) Cybersecurity Framework. An expansion of the program must be
coupled with additional funding to enable DHS to handle the increased scope of program and
subsequent increase in applicants. Further, it is incumbent that an expansion enables DHS to
streamline its SAFETY Act review and approval process so as not to discourage participation in the
program.
Our sector has actively engaged in the implementation of Executive Order 13636 and the development
by the National Institute of Standards and Technology of a Cybersecurity Framework. We believe the
process outlined in H.R. 3696 should reflect the Framework developed through this cross-sector
collaborative process.
Each of our organizations and respective member firms have made cybersecurity a top priority. We are
committed to working with you as you lead in this crucial fight for cybersecurity of critical
infrastructure.
American Bankers Association
The Clearing House
Consumer Bankers Association
Credit Union National Association (CUNA)
Electronic Funds Transfer Association
Financial Services - Information Sharing and Analysis Center (FS-ISAC)
Financial Services Roundtable
Independent Community Bankers Association (ICBA)
Investment Company Institute
NACHA-The Electronic Payments Association
National Association of Federal Credit Unions (NAFCU)
Securities Industry and Financial Markets Association (SIFMA)
Cc: House Committee on Homeland Security