Financial sector: New rulemaking codifies risk-management approach to cybersecurity

A new proposed rulemaking by financial sector regulators “embeds” into regulation a cyber-risk management approach to addressing cybersecurity that jibes with what financial institutions are already doing, according to industry sources.

The Treasury Department, Federal Reserve, and Federal Deposit Insurance Corporation last week issued a notice of proposed rulemaking establishing new “enhanced cyber risk management standards” for the financial sector in an effort to “increase the operational resilience of these entities and reduce the impact on the financial system...