Featured Product

    US Agencies Finalize Rule on Security Incident Reporting

    November 18, 2021

    US Agencies decided to terminate the temporary supervisory and enforcement flexibility that was announced for the mortgage servicing rule in April 2020, amid the COVID-19 pandemic. These agencies are Board of Governors of the Federal Reserve System (FED), Consumer Financial Protection Bureau (CFPB), Federal Deposit Insurance Corporation (FDIC), National Credit Union Administration (NCUA), Office of the Comptroller of the Currency (OCC), and the state financial regulators. Additionally, FDIC, FED, and OCC approved a final rule that requires a banking organization to notify its primary federal regulator of any “computer-security incident” that rises to the level of a notification incident. The final rule takes effect on April 01, 2022, with full compliance extended to May 01, 2022.

    The final rule on security incident notification requires a banking organization to notify its primary federal regulator of any significant computer-security incident as soon as possible and no later than 36 hours after the banking organization determines that a cyber incident has occurred. The rule defines computer-security incident as an occurrence that results in actual harm to the confidentiality, integrity, or availability of an information system or the information that the system processes, stores, or transmits. Notification is required for incidents that have materially affected—or are reasonably likely to materially affect—the viability of a banking organization's operations, its ability to deliver banking products and services, or the stability of the financial sector. The final rule also requires a bank service provider to notify the affected banking organization customers as soon as possible when the provider determines that it has experienced a computer-security incident that has materially affected or is reasonably likely to materially affect banking organization customers for four or more hours.

    With respect to the Joint Statement on mortgage servicing rules, in April 2020, the US Agencies (including CFPB, FDIC, FED, NCUA, OCC) had announced that, until further notice, they would not take supervisory or enforcement action against mortgage servicers for failing to meet certain timing requirements under the mortgage servicing rules as long as the servicers made good faith efforts to provide those required notices or disclosures and took the related actions within a reasonable period of time. More than 18 months have passed since issuance of the April 2020 Joint Statement. While the COVID-19 pandemic continues to affect consumers and mortgage servicers, the US Agencies believe the temporary flexibility described in the April 2020 Joint Statement is no longer necessary because servicers have had sufficient time to adjust their operations by, among other things, taking steps to work with consumers affected by the COVID-19 pandemic and developing more robust business continuity and remote work capabilities. The agencies will now apply their respective supervisory and enforcement authorities, where appropriate, to address any noncompliance or violations of the Regulation X mortgage servicing rules that occur after the date of issuance of this statement.

     

    Related Links

    Effective Date: April 01, 2022 (Final Rule)

    Keywords: Americas, US, Banking, Mortgage Servicing Rules, COVID-19, Cyber Risk, Lending, Incident Reporting, US Agencies

    Featured Experts
    Related Articles
    News

    APRA Penalizes Heritage Bank for Incorrect Reporting of Capital

    The Australian Prudential Regulation Authority (APRA) found that Heritage Bank Limited had incorrectly reported capital because of weaknesses in operational risk and compliance frameworks, although the bank did not breach minimum prudential capital ratios at any point and remains well-capitalized.

    November 29, 2021 WebPage Regulatory News
    News

    OSFI Releases Annual Report 2021-2022

    The Office of the Superintendent of Financial Institutions (OSFI) released the annual report for 2020-2021.

    November 29, 2021 WebPage Regulatory News
    News

    APRA Finalizes Guidance on Management of Climate Change Risks

    The Australian Prudential Regulation Authority (APRA) released the final Prudential Practice Guide on management of climate change financial risks (CPG 229) for banks, insurers, and superannuation trustees.

    November 26, 2021 WebPage Regulatory News
    News

    EBA Publishes Single Rulebook Q&A Updates in November 2021

    The European Banking Authority (EBA) Single Rulebook Question and Answer (Q&A) tool updates for this month include answers to 10 questions.

    November 26, 2021 WebPage Regulatory News
    News

    EC Proposes New Measures Under Capital Markets Union Package

    The European Commission (EC) has adopted a package of measures related to the Capital Markets Union.

    November 25, 2021 WebPage Regulatory News
    News

    European Council Adopts Position on Digital Finance Package Proposals

    The European Council adopted its position on two proposals that are part of the digital finance package adopted by the European Commission in September 2020, with one of the proposals involving the regulation on markets in crypto-assets (MiCA) and the other involving the Digital Operational Resilience Act (DORA).

    November 25, 2021 WebPage Regulatory News
    News

    PRA Proposes Rulebook Changes; BoE Extends BEEDS Testing Window

    The Prudential Regulation Authority (PRA) is proposing, via the consultation paper CP21/21, to apply group provisions in the Operational Resilience Part of the PRA Rulebook (relevant for the Capital Requirements Regulation or CRR firms) to holding companies.

    November 25, 2021 WebPage Regulatory News
    News

    FED Outlines Lending Conditions and Supervisory Activities in H1 2021

    The Board of Governors of the Federal Reserve System (FED) published a report that summarizes banking conditions in the United States, along with the supervisory and regulatory activities of FED.

    November 24, 2021 WebPage Regulatory News
    News

    EBA Publishes Standards to Calculate Risk-Weights of CIUs Under CRR

    The European Banking Authority (EBA) published the final report on draft regulatory technical standards for the calculation of risk-weighted exposure amounts of collective investment undertakings or CIUs, in line with the Capital Requirements Regulation (CRR).

    November 24, 2021 WebPage Regulatory News
    News

    APRA Expects Boards to Strengthen Ability to Oversee Cyber Resilience

    The Australian Prudential Regulation Authority (APRA) recently completed two pilot initiatives in its 2020-2024 Cyber Security Strategy, which was published in November 2020.

    November 23, 2021 WebPage Regulatory News
    RESULTS 1 - 10 OF 7736