Three federal agencies that issued an advanced notice of proposed rulemaking (ANPR) last October regarding enhanced cyber risk management standards for large financial institutions, and their service providers, under the agencies’ supervision, have extended the comment period to Feb. 17, 2017. The FDIC, Fed and OCC extended the period by a month to enable stakeholders more time to study the issues and submit comments.
The agencies have existing programs that contain general expectations for cybersecurity practices at financial institutions and third-party service providers; however, the enhanced standards would be integrated into existing supervisory framework by establishing greater supervisory expectations for the FIs and services that pose heightened cyber risk to the safety of the financial sector. “The enhanced standards would be designed to increase covered entities’ operational resilience and reduce the potential impact on the financial system in the event of a failure, cyberattack or the failure to implement appropriate cyber risk management,” according to the ANPR.
The agencies are considering applying the enhanced standards to certain FIs with total assets of $50 billion or more. “A cyberattack or disruption at one or more of these entities could have a significant impact on the safety and soundness of the entity, other financial entities and the U.S. financial sector,” according to the ANPR.
Comments on the ANPR may be sent via the following methods:
- Federal eRulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.
- E-mail: firstname.lastname@example.org.
- Fax: (202) 452-3819 or (202) 452-3102.
- Mail: Robert Frierson, Secretary, Board of Governors of the Federal Reserve System, 20thStreet and Constitution Avenue NW., Washington, DC 20551.
- U.S. Agencies Provide Guidance, Float New Regs on Cybercrime
- SEC Chair Tabs Cybercrime as Biggest Threat to Financial System
- Report: Cybercrime Costs to Quadruple by 2019
Image Credits: Simiographics