Cyber: Banking regulators weigh in

Start adding items to your reading lists:
Save this item to:
This item has been saved to your reading list.

November 2016


Last month, the Fed, OCC, and FDIC jointly issued an ANPR intended to strengthen the abilities of large, interconnected financial services organizations to prevent and recover from cyber attacks.

The ANPR goes beyond existing regulatory guidance and industry practice in several ways. For example, the proposal calls for secure offline storage of critical data and requires that critical systems are able to recover from a disruption with two hours, which will be challenging requirements for most organizations to meet. Additionally, the proposal applies directly to third party service providers, whose cyber practices are not as sophisticated as large financial services entities.

This Financial crimes observer analyzes the ANPR’s requirement, identifying key challenges.

Contact us

Dan Ryan

Partner, PwC US

Follow us