The last few months have seen a flurry of new federal cybersecurity incident reporting requirements and proposals impacting private entities in the financial sector. As the number and frequency of cyber attacks continue to grow, regulators have attempted to enhance cybersecurity protections via increased and more rigid incident reporting obligations, leading to a constantly shifting
As anticipated, the Department of the Treasury’s Office of the Comptroller of the Currency (“OCC”), the Board of Governors of the Federal Reserve System (“Federal Reserve”), and the Federal Deposit Insurance Corporation (“FDIC”) recently approved and released the Final Rule Requiring Computer-Security Incident Notification (“Final Rule”). This Final Rule is designed to promote early awareness and stop computer security incidents before they become systemic. It places new reporting requirements on both U.S. banking organizations, as well as bank service providers. …
Continue Reading Federal Financial Regulators Tighten Timelines for Reporting Ransomware Attacks
On December 18, 2020, the Office of the Comptroller of the Current (OCC), Federal Reserve Board (FRB), and Federal Deposit Insurance Corporation (FDIC) announced an interagency notice of proposed rulemaking that would require supervised banking organizations to provide notification of significant computer security incidents to their primary federal regulator. Under the proposed rule, for incidents…
Last week, the Office of the Comptroller of the Currency (“OCC”) published the Spring 2018 Semiannual Risk Perspective (the “Report”), which uses up-to-date data to identify risks to U.S. banks and measure their compliance with applicable laws and regulations. The Report concluded that some of the OCC’s primary concerns are with the elevation in operational risk “as banks adapt business models, transform technology and operating processes, and respond to evolving cyber threats.” The Report also focused on elevated compliance risk associated with bank efforts to “manage money-laundering risks in a complex environment.”
Many of the OCC’s observations and recommendations remained the same from its Fall 2017 report, leaving readers to wonder what will spur less conversation and potentially more action among OCC-supervised banks or concrete guidance by the OCC. Regardless, a common thread running throughout both reports is the potential risk presented to financial institutions by emerging technologies, which carry the simultaneous blessing and curse of greater business opportunities, but also greater operational and compliance risks.
Continue Reading OCC Semiannual Risk Perspective Highlights Cybersecurity, Fraud, Money Laundering Concerns
Last week, the Office of the Comptroller of the Currency (OCC) released its semiannual risk report highlighting credit, operational, and compliance risks to the federal banking system. The report focuses on issues that pose threats to those financial institutions regulated by the OCC and is intended to be used as a resource by those financial institutions to address the key concerns identified by the OCC. Specifically, the OCC placed cybersecurity and anti-money laundering (AML) issues among the three top concerns highlighted in the report.
The OCC called for banks to remain vigilant against the operational risks that arise from efforts to adapt business models, transform technology and operating processes, and respond to increasing cybersecurity threats. The OCC stated that:…
Continue Reading OCC Report Identifies Cybersecurity as Key Risk for Federal Banking System