All Things FinReg


As National Cybersecurity Awareness Month comes to a close, the federal financial regulators have been releasing guidance related to cybersecurity and financial technology (FinTech) issues faster than a teen can complain about slow Wi-Fi.

In the last 10 days, there have been a number of notable releases:

  • The Board of Governors of the Federal Reserve System (Federal Reserve Board), the Office of the Comptroller of the Currency (OCC), and the Federal Deposit Insurance Corporation (FDIC) released a joint advance notice of proposed rulemaking titled Enhanced Cyber Risk Management Standards that would apply to large supervised financial institutions and their service providers.
  • The Federal Reserve Board’s Secure Payments Task Force identified its key priorities for addressing secure payments: payment identity management, information sharing to mitigate payments risk and fraud, and data protection. The task force has invited industry feedback on these priorities through November 8.
  • The Financial Crimes Enforcement Network released FAQs Regarding Reporting of Cyber-Events, Cyber-Enabled Crime, and Cyber-Related Information Through Suspicious Activity Reports.
  • The Consumer Financial Protection Bureau (CFPB) released its first report from Project Catalyst, its initiative to promote consumer-friendly innovation that incorporates appropriate consumer protections.
  • The OCC released Recommendations and Decisions to Implementing a Responsible Innovation Framework, which implements structural changes in the OCC to encourage and facilitate FinTech innovation and to provide technical assistance to banks and nonbanks.

It’s refreshing to see the Federal Reserve Board, the OCC, and the FDIC take a consolidated approach to their efforts, and that some agencies (like the OCC and CFPB) are making attempts to learn more about cybersecurity innovation. The flurry of activity suggests that cybersecurity will continue to be an area of increased oversight, even after the month ends. All regulated financial institutions, FinTech companies, and their service providers should review these various issuances. Additionally, industry participants should consider commenting on the proposals, because they present an opportunity to help shape cybersecurity and FinTech regulation in the next decade.