The Federal Reserve, FDIC and Office of the Comptroller of the Currency today announced a “coordinated approach” for handling sensitive information used in bank examinations, including a new pledge to notify banks about data breaches that threaten to expose that information.
The joint statement comes more than a year after the OCC notified Congress that a cyber incident led to unauthorized access of highly sensitive information about the financial condition of the institutions the agency supervises. In the statement, the agencies said they will rely on bank management to identify data and documents requested for exams that should be considered highly sensitive.
“For highly sensitive information, the [federal banking agencies, or FBAs] will consider a range of potential options to minimize collection and storage by the FBAs, including on-site review, direct digital review from the systems of the supervised bank, redacted or summarized versions of documents, and additional measures related to transmission of, and access to, sensitive information,” they said.
The agencies also committed to notifying banks of a confirmed or suspected leak of their sensitive information “as soon as practicable and within no more than 72 hours, once the agency impacted has a reasonable basis to believe a compromise has occurred and determines the banks affected, subject to applicable legal considerations.”
The agencies also plan to provide their examiners with written guidance and training on handling sensitive information, according to the statement.








