The Federal Deposit Insurance Corp., Office of the Comptroller of the Currency and Federal Reserve Board want public comments on the three bank regulators’ joint plan to establish a set of cyber risk management standards for the financial services industry.
The regulatory agencies also seek potential methods to quantify and compare cyber risks at financial institutions, FDIC said Wednesday.
Responses to the advance notice of proposed rulemaking are due Jan. 17, 2017.
The Federal Reserve, FDIC and OCC are considering whether to apply enhanced cyber risk management standards to depository institutions and foreign banks’ U.S. business units that own at least $50 billion in assets as well as to financial market infrastructure operators and nonbank financial regulations supervised by the Fed, according to the notice.
The regulators also look to require companies to substantially address disruption or failure risks associated with a cyber incident, FDIC added.