CSBS Issue Talking Points - March 2021

• Robust cybersecurity and IT policies in the nonbank financial services industry are crucial in protecting companies and their customers. The need for these policies will only continue to grow. • State regulators have developed several tools (listed above) to ensure nonbank entities have the proper policies in place. • The risks of a cybersecurity breach include the loss of consumer information, disruption to business activities, reputational risk to state regulators and possibly federal preemption.

SME Contact: Mike Bray, Manager, Nonbank Supervision: 202.559.1953 or MBray@csbs.org Date Updated: 01/14/2021

FOR STATE REGULATOR USE ONLY