[Federal Register Volume 82, Number 14 (Tuesday, January 24, 2017)]
[Proposed Rules]
[Page 8172]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2017-01539]


 ========================================================================
 Proposed Rules
                                                 Federal Register
 ________________________________________________________________________
 
 This section of the FEDERAL REGISTER contains notices to the public of 
 the proposed issuance of rules and regulations. The purpose of these 
 notices is to give interested persons an opportunity to participate in 
 the rule making prior to the adoption of the final rules.
 
 ========================================================================
 

  Federal Register / Vol. 82, No. 14 / Tuesday, January 24, 2017 / 
Proposed Rules  

[[Page 8172]]



DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency

12 CFR Part 30

[Docket ID OCC-2016-0016]
RIN 1557-AE06

FEDERAL RESERVE SYSTEM

12 CFR Chapter II

[Docket No. R-1550]
RIN 7100-AE 61

FEDERAL DEPOSIT INSURANCE CORPORATION

12 CFR Part 364

RIN 3064-AE45


Enhanced Cyber Risk Management Standards

AGENCY: The Board of Governors of the Federal Reserve System; the 
Office of the Comptroller of the Currency; and the Federal Deposit 
Insurance Corporation.

ACTION: Joint advance notice of proposed rulemaking; re-opening of 
comment period.

-----------------------------------------------------------------------

SUMMARY: On October 26, 2016, the Board of Governors of the Federal 
Reserve System (Board), the Office of the Comptroller of the Currency 
(OCC), and the Federal Deposit Insurance Corporation (FDIC) 
(collectively, the agencies) published in the Federal Register an 
advance notice of proposed rulemaking (ANPR) regarding enhanced cyber 
risk management standards (enhanced standards) for large and 
interconnected entities under their supervision and those entities' 
service providers. The ANPR addresses five categories of cyber 
standards: Cyber risk governance; cyber risk management; internal 
dependency management; external dependency management; and incident 
response, cyber resilience, and situational awareness. Due to the range 
and complexity of the issues addressed in the ANPR, the public comment 
period has been extended until February 17, 2017. This action will 
allow interested persons additional time to analyze the proposal and 
prepare their comments.

DATES: The comment period for the advance notice of proposed rulemaking 
published on October 26, 2016, (81 FR 74315) regarding enhanced cyber 
risk management standards is extended from January 17, 2017, to 
February 17, 2017.

ADDRESSES: You may submit comments by any of the methods identified in 
the ANPR.\1\ Please submit your comments using only one method.
---------------------------------------------------------------------------

    \1\ See 81 FR 74315 (October 26, 2016).

FOR FURTHER INFORMATION CONTACT: 
    Board: Anna Lee Hewko, Associate Director, (202) 530-6260; or 
Matthew Hayduk, Manager, (202) 973-6190; or Julia Philipp, Senior 
Supervisory Financial Analyst, (202) 452-3940; or Christopher Olson, 
Senior Supervisory Financial Analyst, (202) 912-4609, Division of 
Banking Supervision and Regulation; or Benjamin W. McDonough, Special 
Counsel, (202) 452-2036; or Claudia Von Pervieux, Counsel, (202) 452-
2552; or Michelle Kidd, Counsel, (202) 736-5554, Legal Division; for 
persons who are deaf or hard of hearing, TTY (202) 263-4869.
    OCC: Bethany Dugan, Deputy Comptroller for Operational Risk, (202) 
649-6949; or Kevin Greenfield, Director, Bank Information Technology, 
(202) 649-6954; or Eric Gott, Risk Team Lead for Governance and 
Operational Risk, Large Bank Supervision, (202) 649-7181; or Patrick 
Kelly, Bank Examiner, Critical Infrastructure Protection, (202) 649-
5519; or Carl Kaminski, Special Counsel, Beth Knickerbocker, Counsel, 
or Rima Kundnani, Attorney, Legislative and Regulatory Activities 
Division, (202) 649-5490 or, for persons who are deaf or hard of 
hearing, TTY, (202) 649-5597, Office of the Comptroller of the 
Currency, 400 7th Street SW., Washington, DC 20219.
    FDIC: Donald Saxinger, Senior Examination Specialist, IT 
Supervision Branch, Division of Risk Management Supervision, (703) 254-
0214; or John Dorsey, Counsel, Supervision & Legislation Branch, Legal 
Division, (202) 898-3807.

SUPPLEMENTARY INFORMATION:  On October 26, 2016, the agencies published 
in the Federal Register an advance notice of proposed rulemaking 
regarding enhanced cyber risk management standards (enhanced standards) 
for large and interconnected entities under their supervision and those 
entities' service providers.\2\ The ANPR stated that the public comment 
period would close on January 17, 2017.\3\
---------------------------------------------------------------------------

    \2\ Id.
    \3\ Id.
---------------------------------------------------------------------------

    The agencies received a number of requests to extend the comment 
period for the ANPR. Due to the range and complexity of the issues 
addressed in the ANPR, the agencies believe it is appropriate to extend 
the public comment period until February 17, 2017. This action will 
allow interested persons additional time to analyze the proposal and 
prepare their comments.

    Dated: January 13, 2017.
Thomas J. Curry,
Comptroller of the Currency.
    By order of the Board of Governors of the Federal Reserve 
System, acting through the Secretary of the Board under delegated 
authority, January 10, 2017.
Robert deV. Frierson,
Secretary of the Board.
    Dated: January 13, 2017.

Federal Deposit Insurance Corporation by,
Valerie Best,
Assistant Executive Secretary.
[FR Doc. 2017-01539 Filed 1-23-17; 8:45 am]
 BILLING CODE 4810-33-P; 6210-01-P; 6714-01-P