News & Resources

Publications & Media

“Proposed Federal Cybersecurity Rules”

Safe and Sound By James I. Kaplan

The Federal Reserve Board, FDIC, and OCC issued an advance notice of proposed rulemaking (the “Proposed Rules”) on October 19 for enhanced cybersecurity standards on large banks (those with assets totaling $50 billion or more), non-bank financial companies, financial market infrastructures, financial market utilities, and third party providers that service those entities. The Proposed Rules address five key areas: cyber risk governance; cyber risk management; internal dependency management; external dependency management; and incident response, cyber resilience, and situational awareness. 

In addition, a higher set of standards would apply to “sector-critical systems,” those critical to the financial sector as a whole. For these systems, regulated entities will be required to use the most sophisticated tools in the market, along with the capability to recover from a cyber attack within two hours. For further discussion on the Proposed Rules, please see our latest Financial Institutions Law Update.


Payment Portal

You are leaving the Quarles & Brady website and being directed to the bill presentment and paying service offered by a third party provider. If you do not wish to continue to the site, click Close or use the Back button on your web browser to return the Quarles & Brady website.