Notice of Proposed Rulemaking: Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers.
86 Fed. Reg. 2299 (Jan 12, 2021)
Board Docket No. R-1736, RIN 7100-AG06 (Board)
OCC Docket ID OCC-2020-0038, RIN 1557-AF02 (OCC)
RIN 3064-AF59 (FDIC)
Ann E. Misback
Secretary
Board of Governors of the Federal Reserve System
20th Street and Constitution Avenue NW
Washington, DC 20551
Board Docket No. R-1736, RIN 7100-AG06
James P. Sheesley
Assistant Executive Secretary
Federal Deposit Insurance Corporation
550 17th Street NW
Washington, DC 20429
RIN 3064-AF59
Chief Counsel's Office
Office of the Comptroller of the Currency
400 7th Street SW
Suite 3E-218
Washington, DC 20219
Docket ID OCC-2020-0038, RIN 1557-AF02 (OCC)
The American Bankers Association (ABA) appreciates the opportunity to respond to the January 2021 notice of proposed rulemaking, Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers (“Proposal”), jointly issued by the Federal Reserve Board of Governors, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency (“Agencies”). On behalf of our members, we welcome the opportunity for further engagement with the Agencies. We share the goal to develop a flexible incident notification framework offering early awareness of disruptions, while also being appropriately scoped to avoid overreporting and unnecessary burden for the banking industry, third party service providers, and the supervisory community.
The comments contained in this letter are the product of weekly meetings over 90 days of the ABA Working Group, a diverse group of ABA members composed of more than 100 people representing 51 banks of varying asset sizes, charter types, and business models. This response is a summary of their thoughtful review and robust discussion reflecting on and reacting to the Proposal. In support of the collaborative spirit of the Proposal, the group took a pragmatic approach to consider how early awareness notification could be implemented in a practical, effective manner while being operationally efficient for all financial institutions.
ABA and the ABA Working Group also fully support the suggestions and recommendations made in the letter filed on behalf of ABA, Bank Policy Institute, Institute of International Bankers, and the Securities Industry and Financial Markets Association (“Associations”) in response to the Proposal. The ABA working group collaborated with the Associations working group assuring both letters actively reflect a whole-of-industry perspective. This letter is submitted as a companion to the Associations’ letter offering further context reflective of the ABA working group’s diversity and operational expertise.
On behalf of ABA’s members and our shared interest in enhancing the Proposal’s efficiency and effectiveness, we respectfully encourage the Agencies to:
Download the PDF to read our full comments.