Skip to Content

Rule

Interagency Guidelines Establishing Information Security Standards

Document Details

Information about this document as published in the Federal Register.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble

AGENCY:

Board of Governors of the Federal Reserve System.

ACTION:

Final rule; technical amendment.

SUMMARY:

The Board of Governors of the Federal Reserve System (Board) is amending Appendix D-2 of Regulation H and Appendix F of Regulation Y to correct citations to rules on privacy of consumer financial information.

DATES:

Effective Date: This rule is effective July 31, 2014.

Start Further Info

FOR FURTHER INFORMATION CONTACT:

Clinton Chen, Attorney, (202) 452-3952, Legal Division. For the hearing impaired only, Telecommunication Device for the Deaf (TDD), (202) 263-4869.

End Further Info End Preamble Start Supplemental Information

SUPPLEMENTARY INFORMATION:

Section 501(b) of the Gramm-Leach-Bliley Act (GLB Act) [1] requires the Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, and Office of Thrift Supervision (the Agencies), as well as the National Credit Union, the Securities and Exchange Commission, and the Federal Trade Commission, to establish appropriate standards for the financial institutions subject to their respective jurisdictions relating to the administrative, technical, and physical safeguards for customer records and information.

In February 2001, the Agencies issued a joint final rule implementing guidelines for establishing standards for safeguarding customer information under section 501(b) of the GLB Act.[2] The Board's versions of the guidelines (now entitled Interagency Guidelines Establishing Information Security Standards (Security Guidelines)) are codified in Appendix D-2 of Regulation H (12 CFR part 208) and Appendix F of Regulation Y (12 CFR part 225). In December 2004, the Agencies amended the Security Guidelines pursuant to section 628 of the Fair Credit Reporting Act,[3] which requires proper disposal of consumer information.[4] The Security Guidelines establish standards relating to administrative, technical, and physical safeguards to ensure the security, confidentiality, integrity and the proper disposal of consumer information. The Security Guidelines in the Board's Regulation H and Y currently cross-reference the definitions of “customer” and “customer information” in the Board's Regulation P (Privacy of Consumer Financial Information).

In May 2014, the Board approved the repeal of Regulation P, effective June 30, 2014.[5] The Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act) transferred rulemaking authority for a number of consumer financial protection laws from the Board and other agencies to the Consumer Financial Protection Bureau (CFPB), except with respect to certain motor vehicle dealers.[6] The transfer includes rulemaking authority for Regulation P under the financial privacy provisions of the GLB Act.[7] (The Dodd-Frank Act did not transfer responsibility for the Security Guidelines.) The CFPB has issued interim final rules that are substantially identical to the Board's Regulation P.

The Board is amending the cross-references in the Security Guidelines to refer to the CFPB's version of Regulation P. These amendments do not have any effect on the substantive requirements imposed by the Security Guidelines.

Administrative Procedure Act

In accordance with section 553(b) the Administrative Procedures Act (APA) (5 U.S.C. 553(b)), the Board finds, for good cause, that providing an opportunity for public comment is unnecessary. The amendments are solely technical amendments that change citations in two definitions from references to the Board's Regulation P to the CFPB's Regulation P, which contain identical definitions. The revisions result in no substantive change to the rule.

Paperwork Reduction Act

In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 3506; 5 CFR part 1320 Appendix A.1), the Board has reviewed the final rule under authority delegated to the Board by the Office of Management and Budget. The technical amendments to the Security Guidelines will revise the cross-references in the Security Guidelines to refer to the CFPB's version of Regulation P. The amendments do not change any substantive requirements of the regulation or currently approved information collections. Therefore, no additional paperwork burden will be imposed as a result of this rulemaking.

Start List of Subjects

List of Subjects

12 CFR Part 208

  • Banks, banking
  • Consumer protection
  • Federal Reserve System
  • Foreign banking
  • Holding companies
  • Information
  • Privacy
  • Reporting and recordkeeping requirements

12 CFR Part 225

  • Administrative practice and procedure
  • Banks, banking
  • Federal Reserve System
  • Holding companies
  • Privacy
  • Reporting and recordkeeping requirements
  • Securities
End List of Subjects

Authority and Issuance

For the reasons set forth in the preamble, the Board amends Regulations H and Y, 12 CFR parts 208 and 225 as follows:

Start Part

PART 208—MEMBERSHIP OF STATE BANKING INSTITUTIONS IN THE FEDERAL RESERVE SYSTEM (REGULATION H)

End Part Start Amendment Part

1. The authority citation for part 208 continues to read as follows:

End Amendment Part Start Authority

Authority: 12 U.S.C. 24, 36, 92a, 93a, 248(a), 248(c), 321-338a, 371d, 461, 481-486, 601, 611, 1814, 1816, 1818, 1820(d)(9), 1823(j), 1828(o), 1831, 1831o, 1831p-1, 1831r-1, 1831w, 1831x, 1835a, 1882, 2901-2907, 3105, 3310, 3331-3351, 3905-3909, and 5371; 15 U.S.C. 78b, 78I(b), 78l(i), 780-4(c)(5), 78q, 78q-1, and 78w, 1681s, 1681w, 6801, and 6805; 31 U.S.C. 5318; 42 U.S.C. 4012a, 4104a, 4104b, 4106 and 4128.

End Authority Start Amendment Part

2. Amend Appendix D-2 to part 208, as follows:

End Amendment Part Start Amendment Part

a. In section I.C.2.d., remove “§ 216.3(h)” and add in its place “§ 1016.3(i)”; and

End Amendment Part Start Amendment Part

b. In section I.C.2.e., remove “§ 216.3(n)” and add in its place “§ 1016.3(p).”

End Amendment Part Start Part

PART 225—BANK HOLDING COMPANIES AND CHANGE IN BANK CONTROL (REGULATION Y)

End Part Start Amendment Part

3. The authority citation for part 225 continues to read as follows:

End Amendment Part Start Authority

Authority: 12 U.S.C. 1817(j)(13), 1818, 1828(o), 1831i, 1831p-1, 1843(c)(8), 1844(b), Start Printed Page 371671972(1), 3106, 3108, 3310, 3331-3351, 3907, and 3909; 15 U.S.C. 1681s, 1681w, 6801 and 6805.

End Authority Start Amendment Part

4. Amend Appendix F to part 225, as follows:

End Amendment Part Start Amendment Part

a. In section I.C.2.b., remove “§ 216.3(h)” and add in its place “§ 1016.3(i)”; and

End Amendment Part Start Amendment Part

b. In section I.C.2.c., remove “§ 216.3(n)” and add in its place “§ 1016.3(p).”

End Amendment Part Start Signature

By order of the Board of Governors of the Federal Reserve System, acting through the Secretary of the Board under delegated authority, June 25, 2014.

Robert deV. Frierson,

Secretary of the Board.

End Signature End Supplemental Information

Footnotes

2.  66 FR 8616 (Feb. 1, 2001).

Back to Citation

3.  15 U.S.C. 1681w. This section was added by section 216 of the Fair and Accurate Credit Transactions Act of 2003.

Back to Citation

4.  69 FR 77610 (Dec. 28, 2004).

Back to Citation

5.  79 FR 30708 (May 29, 2014).

Back to Citation

6.  Pub. L. 111-203, 124 Stat. 1376 (Jul. 21, 2010).

Back to Citation

7.  The GLB Act's privacy provisions are contained in sections 502 and 503 of that Act. 15 U.S.C. 6802-6803.

Back to Citation

[FR Doc. 2014-15292 Filed 6-30-14; 8:45 am]

BILLING CODE 6210-01-P