New
collection (Request for a new OMB Control Number)
No
Regular
01/13/2021
Requested
Previously Approved
36 Months From Approved
898
0
2,694
0
0
0
The Office of the Comptroller of the
Currency (OCC), Board of Governors of the Federal Reserve System
(Board), and the Federal Deposit Insurance Corporation (FDIC)
(collectively, the agencies) are issuing a notice of proposed
rulemaking (the proposal or proposed rule) that would require a
banking organization to notify its primary federal regulator upon
the occurrence of a significant computer security incident. This
notification requirement is intended to serve as an early alert to
a banking organization’s primary federal regulator and is not
intended to include an assessment of the incident. The proposed
rule would allow a banking organization to authorize or contract
with a bank service provider to allow the bank service provider to
make the relevant notifications to the banking organization’s
primary federal regulator on the banking organization’s behalf.
Moreover, a bank service provider as defined herein and in
accordance with the Bank Service Company Act (BSCA) would be
required to notify affected banking organization customers within
four hours of when it experiences a computer-security incident that
it reasonably believes could disrupt, degrade, or impair services
provided subject to the BSCA for four or more hours. “Bank service
providers” would include both bank service companies and
third-party service providers, under the BSCA.
US Code:
12
USC 1811 Name of Law: Federal Deposit Insurance Act
US Code: 12
USC 1813 Name of Law: Federal Deposit Insurance Act
US Code: 12
USC 1617 Name of Law: Federal Deposit Insurance Act
US Code: 12
USC 1819 Name of Law: Federal Deposit Insurance Act
US Code:
12 USC 1861-1867 Name of Law: Federal Deposit Insurance Act
US Code: 12
USC 1463 Name of Law: Supervision of Savings Associations
The FDIC proposes to issue a
regulation that would require a banking organization to provide its
primary federal regulator with prompt notification of any
“computer-security incident” that rises to the level of a
“notification incident” as defined in the proposed rule.
No
No
No
No
No
No
No
Manuel Cabeza 202 898-3781
mcabeza@fdic.gov
No
On behalf of this Federal agency, I certify that
the collection of information encompassed by this request complies
with 5 CFR 1320.9 and the related provisions of 5 CFR
1320.8(b)(3).
The following is a summary of the topics, regarding
the proposed collection of information, that the certification
covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a
benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control
number;
If you are unable to certify compliance with any of
these provisions, identify the item by leaving the box unchecked
and explain the reason in the Supporting Statement.