Banking agencies promise new approach for handling sensitive information
The Federal Reserve, the FDIC and the Office of the Comptroller of the Currency today announced a “coordinated approach” to handling sensitive information used in bank audits, including a new pledge to notify banks of data breaches that threaten to reveal that information.
Joint statement it comes more than a year after the OCC notified Congress that a cyber incident led to unauthorized access to highly sensitive information about the financial health of the institutions the agency oversees. The agencies said in a statement that they would rely on the bank’s management to identify data and documents requested for the exams that should be considered highly sensitive.
“For highly sensitive information, the (Federal Banking Agencies or FBA) will consider a number of possible options to reduce collection and storage by the FBA, including on-site review, direct digital review from the supervised bank’s system, redacted or condensed versions of documents, and additional measures related to the transfer and access of sensitive information,” they said.
The agencies also committed to notify banks of a confirmed or suspected leak of their sensitive data “as soon as possible and within no more than 72 hours, after the affected agency has reasonable grounds to believe that a compromise has occurred and determines the affected banks, subject to applicable legal considerations.”
The agencies also plan to provide their interrogators with written instructions and training on handling sensitive information, according to the statement.
