Four major trade associations are calling for sweeping cybersecurity reforms among federal financial regulators after a breach at the Office of the Comptroller of the Currency (OCC) exposed over 148,000 sensitive documents. In a joint letter to Treasury Secretary Scott Bessent, the Bank Policy Institute, American Bankers Association, Managed Funds Association, and SIFMA stressed that the breach highlights a broader risk of cyberattacks against critical government infrastructure.

The letter warns that regulators are becoming high-value targets for sophisticated nation-state actors. It urges agencies to adopt the same cybersecurity and incident response protocols they require of financial institutions, citing the Treasury Department and OCC as recent victims of cyber intrusions. Notably, hackers reportedly operated undetected within OCC systems for more than 18 months before being discovered, prompting major banks like JPMorgan Chase and Bank of New York Mellon to limit digital data sharing with the regulator.

The industry groups argue that while financial institutions must share non-public information—ranging from liquidity data to cybersecurity practices—with regulators, the centralization of such data increases exposure to cyber threats. They recommend limiting data collection to essentials and decentralizing sensitive data storage, allowing firms greater control. “Compromises at regulatory agencies,” they warned, “could expose institutions’ vulnerabilities and business strategies to malicious actors, putting them at a strategic disadvantage.”