Featured Product

    FED Maintains CCyB at Zero, Proposes Incident Reporting Requirements

    December 18, 2020

    FED decided to affirm the countercyclical capital buffer (CCyB) rate at the current level of 0%, based on its policy statement that sets out the framework for setting CCyB for private-sector credit exposures in the United States. If FED decides to modify the CCyB rate in the future, banking organizations would have 12 months before the increase would become effective, unless FED establishes an earlier effective date. Additionally, US Agencies (FDIC, FED, and OCC) proposed requirements for supervised banking organizations and their service providers to promptly notify their primary federal regulator in the event of a computer security incident. Comments on the proposal must be received within 90 days of its publication in the Federal Register.

    The proposed rule would define a computer-security incident as an occurrence that results in actual or potential harm to the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits; or constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies. The proposed rule would establish two primary requirements:

    • A banking organization would be required to notify its primary federal regulator of any computer security incident that rises to the level of a notification incident as soon as possible and no later than 36 hours after the banking organization believes in good faith that a notification incident has occurred. 
    • Bank service provider of a service described under Bank Service Company Act (BSCA) to notify at least two individuals at affected banking organization customers immediately after experiencing a computer-security incident that it believes in good faith could disrupt, degrade, or impair services provided subject to BSCA for four or more hours. The impact of computer-security incidents at bank service providers can flow through to their banking organization customers. Therefore, for a banking organization to be able to provide relevant notifications to its primary federal regulator in a timely manner, it needs to receive prompt notification of computer-security incidents from its service providers.

     

    Related Links

    Comment Due Date: FR+90 Days

    Keywords: Americas, US, Banking, Cyber Risk, CCyB, Regulatory Capital, Basel, Bank Service Company Act, Operational Risk, Macro-Prudential Policy, Incident Reporting, US Agencies

    Featured Experts
    Related Articles
    News

    HKMA Finalizes Policy Modules on Group-Wide Approach and Remuneration

    The Hong Kong Monetary Authority (HKMA) revised the Supervisory Policy Manual module CG-5 that sets out guidelines on a sound remuneration system for authorized institutions.

    July 29, 2021 WebPage Regulatory News
    News

    EBA Guide to Monitor Threshold for Intermediate Parent Undertakings

    The European Banking Authority (EBA) published the final guidelines on the monitoring of the threshold and other procedural aspects on the establishment of intermediate parent undertakings in European Union (EU), as laid down in the Capital Requirements Directive (CRD).

    July 28, 2021 WebPage Regulatory News
    News

    PRA Finalizes Approach to Supervision of International Banks

    In a recent Market Notice, the Bank of England (BoE) confirmed that green gilts will have equivalent eligibility to existing gilts in its market operations.

    July 26, 2021 WebPage Regulatory News
    News

    FCA Issues PS21/9 on Implementation of Investment Firms Regime

    The Financial Conduct Authority (FCA) published the policy statement PS21/9 on implementation of the Investment Firms Prudential Regime.

    July 26, 2021 WebPage Regulatory News
    News

    EBA Proposes Regulatory Standards to Identify Shadow Banking Entities

    The European Banking Authority (EBA) proposed regulatory technical standards that set out criteria for identifying shadow banking entities for the purpose of reporting large exposures.

    July 26, 2021 WebPage Regulatory News
    News

    IOSCO Proposes Recommendations on ESG Ratings and Data Providers

    The Board of the International Organization of Securities Commissions (IOSCO) proposed a set of recommendations on the environmental, social, and governance (ESG) ratings and data providers.

    July 26, 2021 WebPage Regulatory News
    News

    ESMA Group Issues Recommendations on RFR Switch in Interdealer Market

    The European Securities and Markets Authority (ESMA) published recommendations from the Working Group on Euro Risk-Free Rates (RFR) on the switch to risk-free rates in the interdealer market.

    July 26, 2021 WebPage Regulatory News
    News

    ECB Study Assesses Impact of Basel III Finalization Package

    The European Central Bank (ECB) published a paper as well as an article in the July Macroprudential Bulletin, both of which offer insights on the assessment of the impact of Basel III finalization package on the euro area.

    July 26, 2021 WebPage Regulatory News
    News

    ISDA Finds FRTB Results in Higher Capital Charges for Carbon Trading

    The International Swaps and Derivatives Association (ISDA) published a paper that explores the impact of the Fundamental Review of the Trading Book (FRTB) on the trading of carbon certificates.

    July 26, 2021 WebPage Regulatory News
    News

    PRA Updates Remuneration Policy Statement Templates and Tables

    The Prudential Regulation Authority (PRA) published the remuneration policy self-assessment templates and tables on strengthening accountability.

    July 26, 2021 WebPage Regulatory News
    RESULTS 1 - 10 OF 7311