Proposed Cybersecurity Regulations for Banking Agencies: Scope of Application

The Federal Reserve’s 2016 Enhanced Cyber Risk Management Standards propose the implementation of a stricter, more comprehensive set of cyber security standards to those in the financial sector, specifically financial firms and larger banks. The Notice seeks to reduce Cyber Liability within the financial market, especially due to recent cyber attacks against leading financial regulators such as Wall Street and the New York Federal Reserve. In this post, we will go into greater detail about the proposed scope of application for these new standards.

Primary Scope

As outlined in the proposal, the standards will be applied towards “certain entities with total consolidated assets of $50 billion or more on an enterprise-wide basis.” This scope was chosen due to these groups’ relative impact within the financial sector – a cyber attack has the potential to impact not only the agency but many others in the United States financial sector. The standards would be applied on an enterprise-wide basis because cyber liabilities in just one of the organization’s sections could easily spread and cause harm to other parts.

Subsidiaries

There are other groups that are likely to fall under these new standards, however; the Notice continues to specify that the aforementioned covered entities would apply these standards to larger institutions subject to their jurisdiction. Under this specification, the standards would also apply on an enterprise-wide basis to all United States bank holding companies with total consolidated assets of at least $50 billion, United States operations of foreign banking organizations with total assets of at least $50 billion, and all United States savings and loan holding companies with total consolidated assets of $50 billion or more. In addition, the proposed standards would apply to depository institution holding companies’ subsidiaries due to their potential to be points of cyber liability for their entities.

There are other entities to which the Board is considering applying its standards; some of these organizations are:

  • “Nonbank financial companies supervised by the Board pursuant to section 165 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act)”,
  • “Financial market utilities designated by FSOC (designated FMUs) for which the Board is the Supervisory Agency”,
  • “Any national bank, federal savings association (and any subsidiaries thereof), or federal branch of a foreign bank that is a subsidiary of a bank holding company or savings and loan holding company with total consolidated assets of $50 billion or more”,
  • “Any national bank, federal savings association, or federal branch of a foreign bank that has total consolidated assets of $50 billion or more that does not have a parent holding company”,
  • “Any state member bank (and any subsidiaries thereof) that is a subsidiary of a bank holding company with total consolidated assets of $50 billion or more”,
  • “Any state member bank that has total consolidated assets of $50 billion or more that is not a subsidiary of a bank holding company”,
  • “Any state nonmember bank or state savings association (and any subsidiaries thereof) that is a subsidiary of a bank holding company or savings and loan holding company with total consolidated assets of $50 billion or more”,
  • “Any state nonmember bank or state savings association that has total consolidated assets of $50 billion or more that does not have a parent holding company”,
  • “Third-party service providers with respect to services provided to depository institutions and their affiliates that are covered entities (covered services).

About FGIB

Since 1983, Financial Guaranty Insurance Brokers has distinguished itself as a provider of Professional Liability, Cyber Liability, and Crime insurance products for financial entities, in addition to providing crime insurance and general business insurance products to a number of firms across the United States. To receive timely, personalized service from a knowledgeable and experienced staff, call us today at (877) 485-4413 to speak with one of our professionals.