Federal Banking Regulators to Subject Fat Cats to New Cybersecurity Rules

Published on October 19, 2016 by Sam Knight

Prudential regulators announced on Wednesday that they intend to formulate new cybersecurity rules for the country’s largest banks.

Three major agencies said that they plan on formally proposing the guidelines in January, and welcomed public comment, per standard procedure.

The Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC) and the Federal Reserve are administering the push. In an advance notice of the proposal, they stated that efforts will focus on “cyber risk governance; cyber risk management; internal dependency management; external dependency management; and incident response, cyber resilience, and situational awareness.”

Only banks with more than $50 billion in assets would be forced to comply. The threshold is the same as the “Systemically Important Financial Institution” (SIFI) designation under Dodd-Frank, which triggers enhanced rules for the country’s largest banks.

“The [proposal] would not apply to community banks,” FDIC Chair Martin Gruenberg said in a statement. “They, and other institutions not covered by the [proposal], would continue to be subject to current generally applicable guidance and standards.”

Banking regulators have been paying increased attention to cybersecurity this year, independent of claims by the Obama administration and the Hillary Clinton campaign about Russian hacking, allegedly conducted to influence the Presidential election.

JP Morgan and Morgan Stanley, two SIFIs, have recently suffered major data breaches. As has the FDIC itself, Phys.org noted in July. And those intrusions came amid multi-million dollar thefts online from banks in Bangladesh, the Philippines, Vietnam and Ecuador.

In recent weeks, the Commodities Futures Trading Commission (CFTC) finalized a separate set of new rules on cyber defenses, for central nodes of financial markets.

“They require the core infrastructure in our markets—that is, the exchanges, clearinghouses, trading platforms, and trade repositories—to regularly evaluate cyber risks and test their cybersecurity and operational risk defenses,” CFTC Chair Timothy Massad noted on Tuesday.

“We are also continuing to make cybersecurity a priority in our examinations,” he added.

Share this article:

Follow The District Sentinel on Facebook and Twitter.

Subscribe to our daily podcast District Sentinel Radio on Soundcloud or Apple.

Support The District Sentinel and get bonus content on Patreon.

Since 2010, Sam Knight's work has appeared in Truthout, Washington Monthly, Salon, Mondoweiss, Alternet, In These Times, The Reykjavik Grapevine and The Nation. In 2012, he worked as a producer for The Alyona Show on RT. He has written extensively about political movements that emerged in Iceland after the 2008 financial collapse, and is currently working on a book about the subject.