Featured Product

    US Agencies Finalize Rule on Security Incident Reporting

    November 18, 2021

    US Agencies decided to terminate the temporary supervisory and enforcement flexibility that was announced for the mortgage servicing rule in April 2020, amid the COVID-19 pandemic. These agencies are Board of Governors of the Federal Reserve System (FED), Consumer Financial Protection Bureau (CFPB), Federal Deposit Insurance Corporation (FDIC), National Credit Union Administration (NCUA), Office of the Comptroller of the Currency (OCC), and the state financial regulators. Additionally, FDIC, FED, and OCC approved a final rule that requires a banking organization to notify its primary federal regulator of any “computer-security incident” that rises to the level of a notification incident. The final rule takes effect on April 01, 2022, with full compliance extended to May 01, 2022.

    The final rule on security incident notification requires a banking organization to notify its primary federal regulator of any significant computer-security incident as soon as possible and no later than 36 hours after the banking organization determines that a cyber incident has occurred. The rule defines computer-security incident as an occurrence that results in actual harm to the confidentiality, integrity, or availability of an information system or the information that the system processes, stores, or transmits. Notification is required for incidents that have materially affected—or are reasonably likely to materially affect—the viability of a banking organization's operations, its ability to deliver banking products and services, or the stability of the financial sector. The final rule also requires a bank service provider to notify the affected banking organization customers as soon as possible when the provider determines that it has experienced a computer-security incident that has materially affected or is reasonably likely to materially affect banking organization customers for four or more hours.

    With respect to the Joint Statement on mortgage servicing rules, in April 2020, the US Agencies (including CFPB, FDIC, FED, NCUA, OCC) had announced that, until further notice, they would not take supervisory or enforcement action against mortgage servicers for failing to meet certain timing requirements under the mortgage servicing rules as long as the servicers made good faith efforts to provide those required notices or disclosures and took the related actions within a reasonable period of time. More than 18 months have passed since issuance of the April 2020 Joint Statement. While the COVID-19 pandemic continues to affect consumers and mortgage servicers, the US Agencies believe the temporary flexibility described in the April 2020 Joint Statement is no longer necessary because servicers have had sufficient time to adjust their operations by, among other things, taking steps to work with consumers affected by the COVID-19 pandemic and developing more robust business continuity and remote work capabilities. The agencies will now apply their respective supervisory and enforcement authorities, where appropriate, to address any noncompliance or violations of the Regulation X mortgage servicing rules that occur after the date of issuance of this statement.

     

    Related Links

    Effective Date: April 01, 2022 (Final Rule)

    Keywords: Americas, US, Banking, Mortgage Servicing Rules, COVID-19, Cyber Risk, Lending, Incident Reporting, US Agencies

    Featured Experts
    Related Articles
    News

    APRA Publishes Results of Climate Risk Self-Assessment Survey

    The Australian Prudential Regulation Authority (APRA) has published the findings of its latest climate risk self-assessment survey conducted across the banking, insurance, and superannuation industries.

    August 04, 2022 WebPage Regulatory News
    News

    ACPR Publishes Updates Related to CRD IV and Covered Bonds

    The French Prudential Supervisory Authority (ACPR) published a notice related to the methods for calculating and publishing prudential ratios under the Capital Requirements Directive (CRD IV) and the minimum requirement for own funds and eligible liabilities (MREL).

    August 03, 2022 WebPage Regulatory News
    News

    BIS Paper Contributes to Debate on Regulating NBFIs and Big Techs

    The Financial Stability Institute (FSI) of the Bank for International Settlements recently published a paper proposing a framework for classifying financial stability regulation as either entity-based or activity-based.

    August 03, 2022 WebPage Regulatory News
    News

    EIOPA Publishes Guidance on Climate Change Scenarios in ORSA

    The European Insurance and Occupational Pension Authority (EIOPA) published the risk dashboard based on Solvency II data and the final version of the application guidance on climate change materiality assessments and climate change scenarios in the Own Risk and Solvency Assessment (ORSA).

    August 02, 2022 WebPage Regulatory News
    News

    EBA and ECB Respond to Proposals on Sustainability Disclosures

    The European Banking Authority (EBA) and the European Central Bank (ECB) published their responses to the consultations of the International Sustainability Standards Board (ISSB) and the European Financial Reporting Advisory Group (EFRAG) on sustainability-related disclosure standards.

    August 01, 2022 WebPage Regulatory News
    News

    BIS Report Notes Existing Gaps in Climate Risk Data at Central Banks

    A Consultative Group on Risk Management (CGRM) at the Bank for International Settlements (BIS) published a report that examines incorporation of climate risks into the international reserve management framework.

    July 29, 2022 WebPage Regulatory News
    News

    EBA Publishes Multiple Regulatory Updates for Regulated Entities

    The European Banking Authority (EBA) published the final guidelines on liquidity requirements exemption for investment firms, updated version of its 5.2 filing rules document for supervisory reporting, and Single Rulebook Question and Answer (Q&A) updates in July 2022.

    July 29, 2022 WebPage Regulatory News
    News

    EIOPA Issues SII Taxonomy and Guide on Sustainability Preferences

    The European Insurance and Occupational Pensions Authority (EIOPA) published Version 2.8.0 of the Solvency II data point model (DPM) and XBRL taxonomy.

    July 29, 2022 WebPage Regulatory News
    News

    EESC Opines on Proposals on CRR and European Single Access Point

    The European Union published, in the Official Journal of the European Union, an opinion from the European Economic and Social Committee (EESC); the opinion is on the proposal for a regulation to amend the Capital Requirements Regulation (CRR).

    July 29, 2022 WebPage Regulatory News
    News

    HM Treasury Publishes Multiple Regulatory Updates in July 2022

    HM Treasury published a draft statutory instrument titled “The Financial Services (Miscellaneous Amendments) (EU Exit) Regulations 2022,” along with the related explanatory memorandum and impact assessment.

    July 29, 2022 WebPage Regulatory News
    RESULTS 1 - 10 OF 8423