On Wednesday three U.S. bank regulators issued an advance notice of proposed rulemaking (ANPR) calling on banks to do more with their cybersecurity programs.
The Federal Reserve Board, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency have proposed a set of standards. The standards, which are open to discussion until January 17, 2017, would be tiered, with an additional set of higher standards for systems that provide key functionality to the financial sector. For these sector-critical systems, the three agencies are considering requiring firms to substantially mitigate the risk of a disruption or failure due to a cyber event.
According to a statement by the Federal Reserve, Office of the Comptroller of the Currency and Federal Deposit Insurance Corp, Banks with assets of $50 billion or more must satisfy the new rules.
The proposed standards are available here.