
Thursday, October 20, 2016

Agencies Seek Comment on Large Bank Cyber Standards

The Federal Reserve, FDIC and OCC have issued an advance notice of proposed rulemaking seeking comments on a set of enforceable cybersecurity standards for banks with more than $50 billion in assets. The new standards would be designed to supplement, not replace, existing interagency requirements and guidance for cyber resilience.

The agencies said they are considering three main approaches to implementing the standards:
  • proposing minimum requirements for a cyber risk governance framework, similar to previous interagency supervisory guidelines;
  • proposing regulations containing specific cyber risk management standards in five categories:
    • cyber risk governance;
    • cyber risk management;
    • internal dependency management;
    • external dependency management; and
    • incident response, cyber resilience and situational awareness;
  • proposing standards that include specific objectives in each category.

Possible objectives in the aforementioned categories would include:
  • a written, board-approved, enterprise-wide cyber risk management strategy and risk appetite; 
  • “adequate” board expertise in cybersecurity; 
  • senior cybersecurity managers who report independently to the board; 
  • assessments of cybersecurity risk management at the business unit level; 
  • cyber risk built into an independent risk management function; 
  • inventories of all internal and external assets that affect cyber risk management; 
  • real-time monitoring of external dependencies; and 
  • transition and backup plans in the event of a successful cyber-attack.

Along with bank members of the Financial Services Information Sharing and Analysis Center, ABA has been leading cooperative, private-sector efforts to improve the cyber-resilience of the financial system. ABA will carefully review the proposal and provide comments by Jan. 17, 2017.

Read the proposal.
