Fintechs May Be Subject To The Bank Service Company Act—and Not Even Know It - Technology mondaq.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from mondaq.com Daily Mail and Mail on Sunday newspapers.
Bank Groups Object to Proposed Breach Notification Regulation
DougOlenick) • April 15, 2021
The Office of the Comptroller of the Currency and two other agencies issued the proposed notification rule.
The American Bankers Association and three other groups have voiced objections to provisions in a cyber incident notification regulation for banks proposed by three federal agencies. For example, they say that the definition of a reportable computer security incident is too broad and would result in the reporting of insignificant events.
The proposed regulation would require banks to provide their primary federal regulator with prompt notification of any computer security incident that materially disrupts, degrades or impairs certain important business operations.
To embed, copy and paste the code into your website or blog:
Keypoint: April 12, 2021 is the deadline to comment on a proposed rule that would require banking organizations and bank service providers to promptly report computer-security incidents.
The Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (Board), and the Federal Deposit Insurance Corporation (FDIC) (collectively the “agencies”) are requesting public comment on a proposed rule requiring banks to notify the applicable agency within 36 hours when the banks believe in good faith that a significant cybersecurity event has occurred. Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers, 86 Fed. Reg. 2399 (Jan. 12, 2021).
United Kingdom: HM Treasury consults on regulatory approach to cryptoassets and stablecoins
On 7 January 2021 HM Treasury (HMT) published a combined consultation paper and call for evidence on the regulatory approach to cryptoassets and stablecoins.
In outline, the consultation proposes:
A policy approach that would involve specific requirements being implemented by independent regulators (e.g. via rules or codes of practice) within a wider framework of objectives and considerations set out by HMT.
Expansion of the regulatory perimeter, with the introduction of a regulatory framework for “stable tokens” (i.e. tokens which maintain a stable value by referencing asset(s)), drawing on existing e-money and payments legislation. The FCA would authorise and supervise relevant entities carrying out certain activities in the UK. A stable token arrangement could also be subject to Payment Systems Regulator (PSR) and Bank of England regulation under certain circumstances.
[Co-author: Jake Nevola]
On January 12, 2021, the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (Board), and the Federal Deposit Insurance Corporation (FDIC) published a Notice of Proposed Rulemaking (NPRM) titled
Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers
(Proposed Rule), which would create accelerated notification obligations for banking organizations and bank service providers in the event of a “‘computer-security incident’ that rises to the level of a ‘notification incident.’” Importantly, the Proposed Rule focuses on security events that disrupt financial institutions’ operations and not just security events that impact sensitive customer information, some of which would not be covered by the Proposed Rule.