[Federal Register Volume 79, Number 126 (Tuesday, July 1, 2014)]
[Rules and Regulations]
[Pages 37166-37167]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2014-15292]


=======================================================================
-----------------------------------------------------------------------

FEDERAL RESERVE SYSTEM

12 CFR Parts 208 and 225

[Docket No. R-1493 RIN 7100 AE-21]


Interagency Guidelines Establishing Information Security 
Standards

AGENCY: Board of Governors of the Federal Reserve System.

ACTION: Final rule; technical amendment.

-----------------------------------------------------------------------

SUMMARY: The Board of Governors of the Federal Reserve System (Board) 
is amending Appendix D-2 of Regulation H and Appendix F of Regulation Y 
to correct citations to rules on privacy of consumer financial 
information.

DATES: Effective Date: This rule is effective July 31, 2014.

FOR FURTHER INFORMATION CONTACT: Clinton Chen, Attorney, (202) 452-
3952, Legal Division. For the hearing impaired only, Telecommunication 
Device for the Deaf (TDD), (202) 263-4869.

SUPPLEMENTARY INFORMATION: Section 501(b) of the Gramm-Leach-Bliley Act 
(GLB Act) \1\ requires the Office of the Comptroller of the Currency, 
Board of Governors of the Federal Reserve System, Federal Deposit 
Insurance Corporation, and Office of Thrift Supervision (the Agencies), 
as well as the National Credit Union, the Securities and Exchange 
Commission, and the Federal Trade Commission, to establish appropriate 
standards for the financial institutions subject to their respective 
jurisdictions relating to the administrative, technical, and physical 
safeguards for customer records and information.
---------------------------------------------------------------------------

    \1\ 15 U.S.C. 6801.
---------------------------------------------------------------------------

    In February 2001, the Agencies issued a joint final rule 
implementing guidelines for establishing standards for safeguarding 
customer information under section 501(b) of the GLB Act.\2\ The 
Board's versions of the guidelines (now entitled Interagency Guidelines 
Establishing Information Security Standards (Security Guidelines)) are 
codified in Appendix D-2 of Regulation H (12 CFR part 208) and Appendix 
F of Regulation Y (12 CFR part 225). In December 2004, the Agencies 
amended the Security Guidelines pursuant to section 628 of the Fair 
Credit Reporting Act,\3\ which requires proper disposal of consumer 
information.\4\ The Security Guidelines establish standards relating to 
administrative, technical, and physical safeguards to ensure the 
security, confidentiality, integrity and the proper disposal of 
consumer information. The Security Guidelines in the Board's Regulation 
H and Y currently cross-reference the definitions of ``customer'' and 
``customer information'' in the Board's Regulation P (Privacy of 
Consumer Financial Information).
---------------------------------------------------------------------------

    \2\ 66 FR 8616 (Feb. 1, 2001).
    \3\ 15 U.S.C. 1681w. This section was added by section 216 of 
the Fair and Accurate Credit Transactions Act of 2003.
    \4\ 69 FR 77610 (Dec. 28, 2004).
---------------------------------------------------------------------------

    In May 2014, the Board approved the repeal of Regulation P, 
effective June 30, 2014.\5\ The Dodd-Frank Wall Street Reform and 
Consumer Protection Act (Dodd-Frank Act) transferred rulemaking 
authority for a number of consumer financial protection laws from the 
Board and other agencies to the Consumer Financial Protection Bureau 
(CFPB), except with respect to certain motor vehicle dealers.\6\ The 
transfer includes rulemaking authority for Regulation P under the 
financial privacy provisions of the GLB Act.\7\ (The Dodd-Frank Act did 
not transfer responsibility for the Security Guidelines.) The CFPB has 
issued interim final rules that are substantially identical to the 
Board's Regulation P.
---------------------------------------------------------------------------

    \5\ 79 FR 30708 (May 29, 2014).
    \6\ Pub. L. 111-203, 124 Stat. 1376 (Jul. 21, 2010).
    \7\ The GLB Act's privacy provisions are contained in sections 
502 and 503 of that Act. 15 U.S.C. 6802-6803.
---------------------------------------------------------------------------

    The Board is amending the cross-references in the Security 
Guidelines to refer to the CFPB's version of Regulation P. These 
amendments do not have any effect on the substantive requirements 
imposed by the Security Guidelines.

Administrative Procedure Act

    In accordance with section 553(b) the Administrative Procedures Act 
(APA) (5 U.S.C. 553(b)), the Board finds, for good cause, that 
providing an opportunity for public comment is unnecessary. The 
amendments are solely technical amendments that change citations in two 
definitions from references to the Board's Regulation P to the CFPB's 
Regulation P, which contain identical definitions. The revisions result 
in no substantive change to the rule.

Paperwork Reduction Act

    In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 
3506; 5 CFR part 1320 Appendix A.1), the Board has reviewed the final 
rule under authority delegated to the Board by the Office of Management 
and Budget. The technical amendments to the Security Guidelines will 
revise the cross-references in the Security Guidelines to refer to the 
CFPB's version of Regulation P. The amendments do not change any 
substantive requirements of the regulation or currently approved 
information collections. Therefore, no additional paperwork burden will 
be imposed as a result of this rulemaking.

List of Subjects

12 CFR Part 208

    Banks, banking, Consumer protection, Federal Reserve System, 
Foreign banking, Holding companies, Information, Privacy, Reporting and 
recordkeeping requirements.

12 CFR Part 225

    Administrative practice and procedure, Banks, banking, Federal 
Reserve System, Holding companies, Privacy, Reporting and recordkeeping 
requirements, Securities.

Authority and Issuance

    For the reasons set forth in the preamble, the Board amends 
Regulations H and Y, 12 CFR parts 208 and 225 as follows:

PART 208--MEMBERSHIP OF STATE BANKING INSTITUTIONS IN THE FEDERAL 
RESERVE SYSTEM (REGULATION H)

0
1. The authority citation for part 208 continues to read as follows:

    Authority: 12 U.S.C. 24, 36, 92a, 93a, 248(a), 248(c), 321-338a, 
371d, 461, 481-486, 601, 611, 1814, 1816, 1818, 1820(d)(9), 1823(j), 
1828(o), 1831, 1831o, 1831p-1, 1831r-1, 1831w, 1831x, 1835a, 1882, 
2901-2907, 3105, 3310, 3331-3351, 3905-3909, and 5371; 15 U.S.C. 
78b, 78I(b), 78l(i), 780-4(c)(5), 78q, 78q-1, and 78w, 1681s, 1681w, 
6801, and 6805; 31 U.S.C. 5318; 42 U.S.C. 4012a, 4104a, 4104b, 4106 
and 4128.


0
2. Amend Appendix D-2 to part 208, as follows:
0
a. In section I.C.2.d., remove ``Sec.  216.3(h)'' and add in its place 
``Sec.  1016.3(i)''; and
0
b. In section I.C.2.e., remove ``Sec.  216.3(n)'' and add in its place 
``Sec.  1016.3(p).''

PART 225--BANK HOLDING COMPANIES AND CHANGE IN BANK CONTROL 
(REGULATION Y)

0
3. The authority citation for part 225 continues to read as follows:

    Authority: 12 U.S.C. 1817(j)(13), 1818, 1828(o), 1831i, 1831p-1, 
1843(c)(8), 1844(b),

[[Page 37167]]

1972(1), 3106, 3108, 3310, 3331-3351, 3907, and 3909; 15 U.S.C. 
1681s, 1681w, 6801 and 6805.


0
4. Amend Appendix F to part 225, as follows:
0
a. In section I.C.2.b., remove ``Sec.  216.3(h)'' and add in its place 
``Sec.  1016.3(i)''; and
0
b. In section I.C.2.c., remove ``Sec.  216.3(n)'' and add in its place 
``Sec.  1016.3(p).''

    By order of the Board of Governors of the Federal Reserve 
System, acting through the Secretary of the Board under delegated 
authority, June 25, 2014.
Robert deV. Frierson,
Secretary of the Board.
[FR Doc. 2014-15292 Filed 6-30-14; 8:45 am]
BILLING CODE 6210-01-P