"Proposed Federal Cybersecurity Rules"

Article

The Federal Reserve Board, FDIC, and OCC issued an advance notice of proposed rulemaking (the “Proposed Rules”) on October 19 for enhanced cybersecurity standards on large banks (those with assets totaling $50 billion or more), non-bank financial companies, financial market infrastructures, financial market utilities, and third party providers that service those entities. The Proposed Rules address five key areas: cyber risk governance; cyber risk management; internal dependency management; external dependency management; and incident response, cyber resilience, and situational awareness. 

In addition, a higher set of standards would apply to “sector-critical systems,” those critical to the financial sector as a whole. For these systems, regulated entities will be required to use the most sophisticated tools in the market, along with the capability to recover from a cyber attack within two hours. For further discussion on the Proposed Rules, please see our latest Financial Institutions Law Update.

Follow Quarles

Subscribe Media Contact
Back to Main Content

We use cookies to provide you with the best user experience on our website and to analyze statistics related to our website. To understand more about how we use cookies, or for instructions to change your preference and browser settings, please see our Privacy Notice. Please note that if you choose to reject cookies, doing so may impair some of our website's functionality.