U.S. banking agencies issue joint guidance on handling sensitive exam data
Federal banking regulators are setting a common framework for how highly sensitive information is identified and handled during supervisory examinations of community banks. The policy includes options to limit the collection and storage of such data and sets a notification window of no more than 72 hours for affected banks in the event of a potential or confirmed material breach involving confidential supervisory information.
Highlights
- The OCC, Federal Reserve Board, and FDIC issued a joint statement outlining coordinated rules for handling highly sensitive information in community bank examinations.
- The new guidance aims to limit collection and storage of sensitive data, specifying procedures for identifying and minimizing the handling of such information.
- Agencies will notify affected banks within 72 hours in the event of a material data breach involving confidential supervisory information, reinforcing sector-wide operational risk management.
Coordinated rules for community bank examinations
As reported by OCC, citing the Office of the Comptroller of the Currency, the OCC, the Board of Governors of the Federal Reserve System and the Federal Deposit Insurance Corporation are issuing a joint statement on the treatment of highly sensitive information during examinations of supervised banks. The agencies say they recognize the sensitivity of bank data used in the examination process and are committed to protecting it under applicable confidentiality laws, regulations and data security standards.The joint statement applies to examinations of community banks. It outlines a coordinated approach for identifying data and documents requested during an examination that could be considered highly sensitive information.
The statement also describes a range of options intended to reduce how much highly sensitive information the agencies collect and store during the supervisory process.
Breach notification standard and sector impact
The agencies also commit to notifying affected banks as soon as practicable, and within no more than 72 hours, if there is a potential or confirmed material data breach involving confidential supervisory information, subject to applicable legal considerations.For community banks, the framework signals a more standardized federal approach to examination data handling at a time when cybersecurity and confidentiality controls remain a key operational risk issue across the U.S. banking sector. The OCC lists the Compliance and Operational Risk Division in the Office of the Chief National Bank Examiner as the contact point for further information.
Our earlier coverage of Kansas City Fed President Jeff Schmid’s comments focused on inflation remaining stubbornly above the Fed’s 2% target and staying central to policy discussions ahead of the late-July meeting. The piece also noted market expectations for a possible September rate hike and highlighted the Fed’s emphasis on transparency and cautious forward guidance under Chairman Kevin Warsh.
Latest NCUA News
- Forex
- Crypto