Washington, D.C. – The Bank Policy Institute, American Bankers Association, Managed Funds Association (MFA), and Securities Industry and Financial Markets Association (SIFMA) have urged the U.S. Treasury to reform data management practices at federal financial regulators following a significant data breach. This breach exposed over 148,000 private correspondences containing sensitive supervisory information about U.S. financial institutions.
In a letter addressed to Treasury Secretary Scott Bessent, these organizations highlighted concerns regarding data management weaknesses that span the previous administration. They emphasized the growing threats from hostile nation-states targeting U.S. critical infrastructure as a reason for urgent action.
The letter stated: “[G]overnment agencies are increasingly the target of persistent and sophisticated nation-state attacks that could disrupt financial markets and our economy.” It further urged federal regulators to implement cybersecurity measures comparable to those expected of financial institutions.
Financial institutions are required by law to share sensitive information with their regulators as part of the supervisory process. However, centralizing this data creates vulnerabilities that illicit actors can exploit.
Over the past two years, both the Treasury Department and the Office of the Comptroller of the Currency (OCC) have experienced significant cyber incidents. The most recent incident was identified in early 2025 but dated back to May 2023 when hackers compromised OCC’s systems. Hackers likely had access for over a year and a half before detection, exposing an estimated 148,000 emails containing potentially sensitive information.
The organizations made four recommendations to address these issues:
1. Hold agencies to security standards similar to private companies.
2. Avoid centralizing sensitive data.
3. Require regulatory agencies to notify affected companies when breaches occur.
4. Limit data collection to what is necessary.
Austin Anton from Bank Policy Institute, Sarah Grano from American Bankers Association, Noah Theran from Managed Funds Association, and Katrina Cavalli from SIFMA are contacts for further information on this matter.
The American Bankers Association represents a $24.5 trillion banking industry employing approximately 2.1 million people in safeguarding deposits and extending loans.
The Bank Policy Institute is a nonpartisan group representing banks doing business in the United States with a focus on cybersecurity and other information security issues.
Managed Funds Association advocates for alternative asset managers globally with more than 180 fund manager members using diverse investment strategies.
SIFMA is a trade association advocating on legislation affecting retail and institutional investors while promoting fair market operations in New York and Washington, D.C.