Federal Register - January 12, 2021
Source: Federal Register
Federal Register / Vol. 86, No. 7 / Tuesday, January 12, 2021 / Proposed Rules
organization customers immediately after it experiences a computer-security incident that it believes in good faith could disrupt, degrade, or impair the provision of services subject to the BSCA for four or more hours. As described in the Impact Analysis section above, the agencies believe that any additional compliance costs would be de minimis for each affected bank service provider.
Given that the costs of the proposed rule would be de minimis, the FDIC certifies that the proposed rule would not have a significant economic impact on a substantial number of small entities. The FDIC invites comments on all aspects of the supporting information provided in this RFA section. In particular, would this proposed rule have any significant effects on small entities that the FDIC has not identified?
Plain Language
Section 722 of the GLBA 38 requires the agencies to use plain language in all proposed and final rules published after January 1, 2000. The agencies have sought to present the proposed rule in a simple and straightforward manner and invite comment on the use of plain language. For example:
1. How could the agencies organize the material to better suit your needs? How could they present the proposed rule more clearly?
2. How could the requirements in the proposed rule be more clearly stated?
3. Do the regulations contain technical language or jargon that is not clear? If so, which language requires clarification?
4. Would a different format (grouping and order of sections, use of headings, paragraphing) make the regulation easier to understand? If so, what changes would achieve that?
5. Would more, but shorter, sections be better? If so, which sections should be changed?
6. What other changes can the agencies incorporate to make the regulation easier to understand?
OCC Unfunded Mandates Reform Act of 1995 Determination
The OCC analyzed the proposed rule under the factors set forth in the Unfunded Mandates Reform Act of 1995 (UMRA) (2 U.S.C. 1532). Under this analysis, the OCC considered whether the proposed rule includes a federal mandate that may result in the expenditure by State, local, and Tribal governments, in the aggregate, or by the private sector, of $100 million or more in any one year, adjusted for inflation (currently $157 million). As noted in the OCC's Regulatory Flexibility analysis, the OCC expects that the costs associated with the proposal, if any, would be de minimis and, thus, has determined that this proposed rule would not result in expenditures by State, local, and Tribal governments, or the private sector, of $157 million or more in any one year. Accordingly, the OCC has not prepared a written statement to accompany this proposal.
Riegle Community Development and Regulatory Improvement Act of 1994
The Riegle Community Development and Regulatory Improvement Act of 1994 (RCDRIA) 39 requires that each federal banking agency, in determining the effective date and administrative compliance requirements for new regulations that impose additional reporting, disclosure, or other requirements on insured depository institutions, consider, consistent with principles of safety and soundness and the public interest, any administrative burdens that such regulations would place on depository institutions, including small depository institutions, and customers of depository institutions, as well as the benefits of such regulations. In addition, new regulations and amendments to regulations that impose additional reporting, disclosure, or other new requirements on insured depository institutions generally must take effect on the first day of a calendar quarter that begins on or after the date on which the regulations are published in final form.40 The agencies invite comments that further will inform their consideration of the RCDRIA.
List of Subjects
12 CFR Part 53
Administrative practice and procedure, Federal Savings Associations, National Banks, Reporting and recordkeeping requirements, Safety and soundness.
12 CFR Part 225
Administrative practice and procedure, Bank holding companies, banking, Edge and agreement corporations, Foreign banking organizations, Reporting and recordkeeping requirements, Safety and soundness, Savings and loan holding companies, State member banks.
12 CFR Part 304
Administrative practice and procedure, Bank deposit insurance, Banks, banking, Freedom of information, Reporting and recordkeeping requirements, Safety and soundness.
38 Codified at 12 U.S.C. 4809.
39 Public Law 103-325, 108 Stat. 2160.
40 12 U.S.C. 4802(b)(1).
Authority and Issuance
For the reasons stated in the Common Preamble and under the authority of 12 U.S.C. 1, 93a, 161, 481, 1463, 1464, 1861-1867, and 3102, the Office of the Comptroller of the Currency proposes to amend chapter I of Title 12, Code of Federal Regulations, as follows:
1. Part 53 is added to read as follows:
PART 53 - COMPUTER-SECURITY INCIDENT NOTIFICATION
Sec.
53.1 Authority, purpose, and scope.
53.2 Definitions.
53.3 Notification.
53.4 Bank service provider notification.
Authority: 12 U.S.C. 1, 93a, 161, 481, 1463, 1464, 1861-1867, and 3102.
§ 53.1 Authority, purpose, and scope.
(a) Authority. This part is issued under the authority of 12 U.S.C. 1, 93a, 161, 481, 1463, 1464, 1861-1867, and 3102.
(b) Purpose. This part promotes the timely notification of significant computer-security incidents that affect OCC-supervised institutions and their service providers.
(c) Scope. This part applies to all national banks, Federal savings associations, and Federal branches and agencies of foreign banks. This part also applies to bank service providers, as defined in § 53.2(b)(2).
§ 53.2 Definitions.
(a) Except as modified in this part, or unless the context otherwise requires, the terms used in this part have the same meanings as set forth in 12 U.S.C. 1813.
(b) For purposes of this part, the following definitions apply:
(1) Banking organization means a national bank, Federal savings association, or Federal branch or agency of a foreign bank.
(2) Bank service provider means a bank service company or other person providing services to a banking organization that is subject to the Bank Service Company Act (12 U.S.C. 1861-1867).
(3) Business line means products or services offered by a banking organization to serve its customers or support other business needs.
(4) Computer-security incident is an occurrence that:
(i) Results in actual or potential harm to the confidentiality, integrity, or availability of an information system or the information that the system processes, stores, or transmits; or
(ii) Constitutes a violation or imminent threat of violation of security