Enhanced Cyber Risk Management Standards: Advance Notice of Proposed Rulemaking
OCC BULLETIN 2016-41
Enhanced Cyber Risk Management Standards
Date:
To: Chief Executive Officers of All National Banks, Federal Savings Associations, and Federal Branches and Agencies; Department and Division Heads; All Examining Personnel; and Other Interested Parties
Description: Advance Notice of Proposed Rulemaking
Summary
The agencies are considering establishing enhanced standards to increase the operational resilience of a covered entity, lower the probability of a covered entity's failure or inability to serve as a financial intermediary, and reduce the potential impact on the financial system of a cyber event affecting a covered entity.
The ANPR was published in the
See original table at: https://www.occ.gov/news-issuances/bulletins/2016/bulletin-2016-41.html
Highlights
The ANPR describes potential enhanced standards that are divided into five general categories: cyber risk governance; cyber risk management; internal dependency management; external dependency management; and incident response, cyber resilience, and situational awareness.
The ANPR applies to:
- any national bank, federal savings association (and any subsidiaries thereof), or federal branch of a foreign bank that is a subsidiary of a bank holding company or savings and loan holding company with
- any national bank, federal savings association, or federal branch of a foreign bank that has
- any third-party service provider with respect to services provided to any covered national bank or federal savings association (or any subsidiaries thereof).
The proposed standards in the ANPR would be implemented in a tiered manner, imposing more stringent standards on the systems of covered entities that are critical to the functioning of the financial sector.
Background
As technology dependence in the financial sector continues to grow, so do opportunities for high-impact technology failures and cyber attacks. Due to the interconnectedness of the
In response to the expanding cyber risks, the agencies are considering establishing enhanced standards for the largest and most interconnected entities under their supervision. A covered entity is required to ensure that the services it receives from a third party are conducted consistent with the same standards that would apply if the covered entity conducted the operations itself. Thus, the enhanced standards would apply to all the operations of a covered entity regardless of whether the covered entity conducts an operation itself or through a third party.
Further Information
Please contact
Senior Deputy Comptroller and Chief Counsel
- Enhanced Cyber Risk Management Standards (https://www.gpo.gov/fdsys/pkg/FR-2016-10-26/pdf/2016-25871.pdf)