Featured Product

    FED Maintains CCyB at Zero, Proposes Incident Reporting Requirements

    December 18, 2020

    FED decided to affirm the countercyclical capital buffer (CCyB) rate at the current level of 0%, based on its policy statement that sets out the framework for setting CCyB for private-sector credit exposures in the United States. If FED decides to modify the CCyB rate in the future, banking organizations would have 12 months before the increase would become effective, unless FED establishes an earlier effective date. Additionally, US Agencies (FDIC, FED, and OCC) proposed requirements for supervised banking organizations and their service providers to promptly notify their primary federal regulator in the event of a computer security incident. Comments on the proposal must be received within 90 days of its publication in the Federal Register.

    The proposed rule would define a computer-security incident as an occurrence that results in actual or potential harm to the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits; or constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies. The proposed rule would establish two primary requirements:

    • A banking organization would be required to notify its primary federal regulator of any computer security incident that rises to the level of a notification incident as soon as possible and no later than 36 hours after the banking organization believes in good faith that a notification incident has occurred. 
    • Bank service provider of a service described under Bank Service Company Act (BSCA) to notify at least two individuals at affected banking organization customers immediately after experiencing a computer-security incident that it believes in good faith could disrupt, degrade, or impair services provided subject to BSCA for four or more hours. The impact of computer-security incidents at bank service providers can flow through to their banking organization customers. Therefore, for a banking organization to be able to provide relevant notifications to its primary federal regulator in a timely manner, it needs to receive prompt notification of computer-security incidents from its service providers.


    Related Links

    Comment Due Date: FR+90 Days

    Keywords: Americas, US, Banking, Cyber Risk, CCyB, Regulatory Capital, Basel, Bank Service Company Act, Operational Risk, Macro-Prudential Policy, Incident Reporting, US Agencies

    Featured Experts
    Related Articles

    EBA Sets Out Roadmap for 2023, Updates Reporting Framework 3.2

    The European Banking Authority (EBA) published its work program for 2023 as well as the technical package for phase 3 of version 3.2 of its reporting framework.

    September 30, 2022 WebPage Regulatory News

    FED Announces Launch of Climate Scenario Analysis Exercise in 2023

    The Board of Governors of the Federal Reserve System (FED) announced a pilot climate scenario analysis exercise for six largest banks in the U.S.

    September 29, 2022 WebPage Regulatory News

    BIS Paper Studies Impact of Fintech Lending on Small Businesses in US

    The Bank for International Settlements (BIS) published a paper that studies impact of fintech lending on credit access for small businesses in U.S.

    September 26, 2022 WebPage Regulatory News

    UK Regulators Issue CRR Changes and Stress Test Scenarios for Banks

    The Prudential Regulation Authority (PRA) issued the policy statement PS8/22 to amend the Own Funds and Eligible Liabilities (CRR) Part of the PRA Rulebook and update the supervisory statement SS7/13 titled "Definition of capital (CRR firms).

    September 26, 2022 WebPage Regulatory News

    EBA Launches EU-Wide Transparency Exercise in 2022

    The European Banking Authority (EBA) launched the EU-wide transparency exercise for 2022, with results of the exercise expected to be published at the beginning of December, along with the annual Risk Assessment Report.

    September 23, 2022 WebPage Regulatory News

    SRB on CRR Quick-Fix to Policy for Multiple Point of Entry Banks

    The Single Resolution Board (SRB) welcomed the adoption of the review of the Capital Requirements Regulation, or CRR, also known as the "CRR quick-fix."

    September 22, 2022 WebPage Regulatory News

    EC Rule Lists Advanced Economies for Market Risk Capital Calculations

    The European Commission (EC) recently adopted the Delegated Regulation 2022/1622, which sets out the regulatory technical standards to specify the countries that constitute advanced economies for the purpose of specifying risk-weights for the sensitivities to equity.

    September 21, 2022 WebPage Regulatory News

    EBA Publishes Final Regulatory Standards on STS Securitizations

    The European Banking Authority (EBA) published the final draft regulatory technical standards specifying and, where relevant, calibrating the minimum performance-related triggers for simple.

    September 20, 2022 WebPage Regulatory News

    ECB Further Reviews Costs and Benefits Associated with IReF

    The European Central Bank (ECB) is undertaking the integrated reporting framework (IReF) project to integrate statistical requirements for banks into a standardized reporting framework that would be applicable across the euro area and adopted by authorities in other EU member states.

    September 15, 2022 WebPage Regulatory News

    EBA Publishes Funding Plans Report, Receives EMAS Certification

    The European Banking Authority (EBA) has been awarded the top European Standard for its environmental performance under the European Eco-Management and Audit Scheme (EMAS).

    September 15, 2022 WebPage Regulatory News
    RESULTS 1 - 10 OF 8523