BPI’s Clara Kim Testifies Before House Committee

Washington, D.C. - Clara Kim, BPI Senior Vice President, will testify today before the U.S. House Financial Services Committee at a hearing titled "Updating America's Financial Privacy Framework for the 21st Century."

Taking Stock of the Banking Privacy Landscape. As Congress considers potential legislation on financial data privacy, lawmakers should recognize the strength of the existing regime: the comprehensive privacy protections enshrined in the Gramm-Leach-Bliley Act, combined with prudential regulatory oversight, Kim said. Banks operate under stringent information security requirements set by federal regulators and on-site supervision, whereas nonbanks holding similar data are not subject to equivalent security standards or ongoing supervision.

"GLBA works. It created a framework that protects consumers by subjecting banks to rigorous, sector-specific privacy safeguards, bolstered by stringent supervision. Any legislative changes to this framework should be targeted and carefully calibrated rather than a wholesale rewrite," Kim said ahead of the testimony.

Targeted Changes. If Congress decides to update the GLBA privacy framework, targeted amendments would serve consumers better than a fundamental rewrite, Kim said. She highlighted the following guiding principles:

• Consistent Obligations. Any entity that handles sensitive personal and financial data about consumers, including fintechs, data aggregators and crypto firms, should have to meet the same rigorous standards and duties as banks to protect that information.

• Federal Preemption. A national, uniform financial privacy and information security standard with strong, clear federal preemption should be in place to avoid uncertainty caused by duplicative or conflicting state laws.

• Sector-Specific. Privacy regulation for financial institutions should continue to be done on a sector-specific basis. Relatedly, any future comprehensive federal privacy law should recognize the distinct status of federally supervised financial institutions subject to GLBA and exempt them from overlapping requirements designed for very different business models.

• Appropriate Enforcement Role. Enforcement of GLBA and any related privacy obligations for banks should remain with the appropriate federal regulators, not private litigants.

• Principles-Based Standard. To the extent Congress looks to incorporate concepts from state privacy laws, we urge a principlesbased approach that respects the specific risk profile and legal obligations of financial institutions.

• Tailored Data Minimization. Data minimization and similar concepts must be implemented in a way that does not inadvertently curtail essential internal uses, such as fraud detection. A rigid approach could make it harder for banks to fight scams.

• Clear Notice. There is room to further modernize and streamline GLBA's notice requirements without changing the underlying balance of rights and obligations. Consumers expect a single, clear privacy notice that is easy to find and understand, not a stack of overlapping, statespecific documents.

• Technology-Neutral. GLBA should remain focused on privacy and not be repurposed as a vehicle to regulate, for example, automated decisionmaking or artificial intelligence in banking.

Before joining BPI, Kim served as Senior Policy Advisor at the U.S. Department of Treasury's Bureau of Terrorism and Financial Intelligence, under the policy development and outreach office for Treasury's national security functions. During her tenure at Treasury, she was chosen to be the first U.S. Financial Attaché to Switzerland, Italy and Liechtenstein. Before joining Treasury, she spent 10 years at the U.S. Department of State, with her last assignment being Senior Advisor to the Deputy Secretary of State.

Learn More:

• BPI Welcomes Thoughtful Approach to Modernizing Financial Privacy Legislation
• BPI Comments on California Privacy Protection Agency's Proposed Rules under the CCPA for ADMT, Risk Assessments and Cybersecurity Audits

To learn more, read Kim's written testimony here.

###

About Bank Policy Institute

The Bank Policy Institute is a nonpartisan public policy, research and advocacy group that represents universal banks, regional banks and the major foreign banks doing business in the United States. The Institute produces academic research and analysis on regulatory and monetary policy topics, analyzes and comments on proposed regulations, and represents the financial services industry with respect to cybersecurity, fraud, and other information security issues.

Media Contact

Tara PayneBank Policy [email protected]