Treasury agencies extend consultation for rulemaking on cyber risk management standards

Treasury agencies extend consultation for rulemaking on cyber risk management standards | Insurance Business

Treasury agencies extend consultation for rulemaking on cyber risk management standards
The agencies involved in the rulemaking to standardize cyber risk management and governance among large and interconnected agencies have announced an extension to the comment period for the process.

In a joint statement, the Federal Reserve Board, the Office of the Comptroller of the Currency, and the Federal Deposit Insurance Corporation, said that they have extended the deadline for consultation for the advance notice of proposed rulemaking (ANPR) for enhanced cyber risk management standards.

The agencies are considering five categories of cyber standards: cyber risk governance; cyber risk management; internal dependency management; external dependency management; and incident response, cyber resilience and situational awareness.

The original deadline for comments was set for today (January 17), but the agencies decided to extend it to “allow interested persons more time to analyze the issues and prepare their comments,” the statement read.

The ANPR was published in the Federal Register on October 26 last year.

In a previous statement, the agencies said they “are considering establishing enhanced standards for the largest and most interconnected entities under their supervision” as a response to growing cyber risks.

Further, they said, “a covered entity is required to ensure that the services it receives from a third party are conducted consistent with the same standards that would apply if the covered entity conducted the operations itself.”


Related stories:
Fear and risk in 2017: Allianz Barometer
Morning Briefing: Cyber risk set to intensify this year