Advanced Notice of Proposed Rulemaking (ANPR)

  • Share

On Wednesday, October 19, 2016, the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC) and the Federal Reserve (FRB) (collectively, the agencies) jointly announced enhanced cyber risk management standards for financial institutions in the form of an Advance Notice of Proposed Rulemaking (ANPR). The ANPR outlines enhanced cybersecurity risk management and resilience standards that would apply to large and interconnected entities under the agencies’ supervision.

Put simply, the proposals would constitute the most significant and demanding standards relevant to cybersecurity applied to major financial services firms operating in the United States, both banks and nonbanking, including financial market utilities/infrastructures (covered entities) and to the services provided to them by their vendors, suppliers and other third parties (covered services).

This Regulatory Alert outlines:

  • What is an Advance Notice of Proposed Rulemaking?
  • What firms would be affected?
  • Why is the cyber ANPR so significant?
  • What are the key requirements?
  • How will the ANPR be implemented?
EY Omni-channel report 2015

Download report for full details