OFR_2016_Financial-Stability-Report
OFR_2016_Financial-Stability-Report
OFR_2016_Financial-Stability-Report
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Figure 46. U.S. <strong>Financial</strong> Regulatory Guidance on Cybersecurity<br />
Regulatory Body<br />
Relevant Cybersecurity<br />
Guidance<br />
Institution<br />
Federal <strong>Financial</strong> Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool Banks<br />
member agencies (Consumer <strong>Financial</strong> Protection Bureau, Federal<br />
Deposit Insurance Corporation, Federal Reserve Board of<br />
and IT Examination Handbook<br />
Governors, National Credit Union Administration, Office of the<br />
Comptroller of the Currency, FFIEC State Liaison Committee)<br />
Bank holding companies<br />
Federal savings associations<br />
Credit unions<br />
Securities and Exchange Commission Regulation SCI Registered clearing agencies<br />
Stock and option exchanges<br />
Municipal Securities Rulemaking<br />
Board<br />
High-volume alternative trading<br />
systems<br />
Securities information<br />
processors<br />
<strong>Financial</strong> Industry Regulatory<br />
Authority<br />
State insurance regulators via National Association of Insurance<br />
Commissioners (NAIC)<br />
Federal Housing Finance Agency<br />
Commodity Futures Trading Commission<br />
Regulation S-P<br />
<strong>Financial</strong> Condition Examiners<br />
Handbook and<br />
Market Regulation Handbook<br />
Advisory Bulletin 2014-05, Cyber<br />
Risk Management Guidance<br />
Policy Guidance PG-01-002, Safety<br />
and Soundness Standards for<br />
Information<br />
System Safeguards Testing<br />
Requirements<br />
System Safeguards Testing<br />
Requirements for Derivatives<br />
Clearing Organizations<br />
Broker-dealers<br />
Investment companies<br />
Investment advisers<br />
Insurers<br />
Government-sponsored enterprises<br />
Federal Home Loan Banks<br />
Government-sponsored enterprises<br />
Designated contract markets<br />
Swap execution facilities<br />
Swap data repositories<br />
Derivatives clearing<br />
organizations<br />
National Futures Association Interpretive Notice 9070 Futures commission<br />
merchants<br />
Commodity trading advisors<br />
Commodity pool operators<br />
Introducing brokers<br />
<strong>Financial</strong> Industry Regulatory Authority <strong>Report</strong> on Cybersecurity Practices Broker-dealers<br />
Note: Several proposed rules are related to financial institution cybersecurity: the SEC’s Adviser Business Continuity and Transition Plans<br />
Rule (June <strong>2016</strong>); the Federal Reserve, Office of the Comptroller of the Currency, and Federal Deposit Insurance Corporation joint proposed<br />
rule for Enhanced Cyber Risk Management Standards (October <strong>2016</strong>); and NAIC’s Data Security Model Law (March <strong>2016</strong>).<br />
Source: <strong>OFR</strong> analysis<br />
46 <strong>2016</strong> | <strong>OFR</strong> <strong>Financial</strong> <strong>Stability</strong> <strong>Report</strong>