FED decided to affirm the countercyclical capital buffer (CCyB) rate at the current level of 0%, based on its policy statement that sets out the framework for setting CCyB for private-sector credit exposures in the United States. If FED decides to modify the CCyB rate in the future, banking organizations would have 12 months before the increase would become effective, unless FED establishes an earlier effective date. Additionally, US Agencies (FDIC, FED, and OCC) proposed requirements for supervised banking organizations and their service providers to promptly notify their primary federal regulator in the event of a computer security incident. Comments on the proposal must be received within 90 days of its publication in the Federal Register.
The proposed rule would define a computer-security incident as an occurrence that results in actual or potential harm to the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits; or constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies. The proposed rule would establish two primary requirements:
- A banking organization would be required to notify its primary federal regulator of any computer security incident that rises to the level of a notification incident as soon as possible and no later than 36 hours after the banking organization believes in good faith that a notification incident has occurred.
- Bank service provider of a service described under Bank Service Company Act (BSCA) to notify at least two individuals at affected banking organization customers immediately after experiencing a computer-security incident that it believes in good faith could disrupt, degrade, or impair services provided subject to BSCA for four or more hours. The impact of computer-security incidents at bank service providers can flow through to their banking organization customers. Therefore, for a banking organization to be able to provide relevant notifications to its primary federal regulator in a timely manner, it needs to receive prompt notification of computer-security incidents from its service providers.
Comment Due Date: FR+90 Days
Keywords: Americas, US, Banking, Cyber Risk, CCyB, Regulatory Capital, Basel, Bank Service Company Act, Operational Risk, Macro-Prudential Policy, Incident Reporting, US Agencies
The Hong Kong Monetary Authority (HKMA) revised the Supervisory Policy Manual module CG-5 that sets out guidelines on a sound remuneration system for authorized institutions.
The European Banking Authority (EBA) published the final guidelines on the monitoring of the threshold and other procedural aspects on the establishment of intermediate parent undertakings in European Union (EU), as laid down in the Capital Requirements Directive (CRD).
In a recent Market Notice, the Bank of England (BoE) confirmed that green gilts will have equivalent eligibility to existing gilts in its market operations.
The Financial Conduct Authority (FCA) published the policy statement PS21/9 on implementation of the Investment Firms Prudential Regime.
The European Banking Authority (EBA) proposed regulatory technical standards that set out criteria for identifying shadow banking entities for the purpose of reporting large exposures.
The Board of the International Organization of Securities Commissions (IOSCO) proposed a set of recommendations on the environmental, social, and governance (ESG) ratings and data providers.
The European Securities and Markets Authority (ESMA) published recommendations from the Working Group on Euro Risk-Free Rates (RFR) on the switch to risk-free rates in the interdealer market.
The European Central Bank (ECB) published a paper as well as an article in the July Macroprudential Bulletin, both of which offer insights on the assessment of the impact of Basel III finalization package on the euro area.
The International Swaps and Derivatives Association (ISDA) published a paper that explores the impact of the Fundamental Review of the Trading Book (FRTB) on the trading of carbon certificates.
The Prudential Regulation Authority (PRA) published the remuneration policy self-assessment templates and tables on strengthening accountability.