Interagency Guidelines Establishing Information Security Standards, 37166-37167 [2014-15292]

Download as PDF 37166 Federal Register / Vol. 79, No. 126 / Tuesday, July 1, 2014 / Rules and Regulations Signed in Washington, DC, on June 23, 2014. Brandon C. Willis, Manager, Federal Crop Insurance Corporation. [FR Doc. 2014–15074 Filed 6–30–14; 8:45 am] BILLING CODE 3410–08–P FEDERAL RESERVE SYSTEM 12 CFR Parts 208 and 225 [Docket No. R–1493 RIN 7100 AE–21] Interagency Guidelines Establishing Information Security Standards Board of Governors of the Federal Reserve System. ACTION: Final rule; technical amendment. AGENCY: The Board of Governors of the Federal Reserve System (Board) is amending Appendix D–2 of Regulation H and Appendix F of Regulation Y to correct citations to rules on privacy of consumer financial information. DATES: Effective Date: This rule is effective July 31, 2014. FOR FURTHER INFORMATION CONTACT: Clinton Chen, Attorney, (202) 452–3952, Legal Division. For the hearing impaired only, Telecommunication Device for the Deaf (TDD), (202) 263–4869. SUPPLEMENTARY INFORMATION: Section 501(b) of the Gramm-Leach-Bliley Act (GLB Act) 1 requires the Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, and Office of Thrift Supervision (the Agencies), as well as the National Credit Union, the Securities and Exchange Commission, and the Federal Trade Commission, to establish appropriate standards for the financial institutions subject to their respective jurisdictions relating to the administrative, technical, and physical safeguards for customer records and information. In February 2001, the Agencies issued a joint final rule implementing guidelines for establishing standards for safeguarding customer information under section 501(b) of the GLB Act.2 The Board’s versions of the guidelines (now entitled Interagency Guidelines Establishing Information Security Standards (Security Guidelines)) are codified in Appendix D–2 of Regulation H (12 CFR part 208) and Appendix F of Regulation Y (12 CFR part 225). In December 2004, the Agencies amended pmangrum on DSK3VPTVN1PROD with RULES SUMMARY: 1 15 2 66 U.S.C. 6801. FR 8616 (Feb. 1, 2001). VerDate Mar<15>2010 15:01 Jun 30, 2014 Jkt 232001 the Security Guidelines pursuant to section 628 of the Fair Credit Reporting Act,3 which requires proper disposal of consumer information.4 The Security Guidelines establish standards relating to administrative, technical, and physical safeguards to ensure the security, confidentiality, integrity and the proper disposal of consumer information. The Security Guidelines in the Board’s Regulation H and Y currently cross-reference the definitions of ‘‘customer’’ and ‘‘customer information’’ in the Board’s Regulation P (Privacy of Consumer Financial Information). In May 2014, the Board approved the repeal of Regulation P, effective June 30, 2014.5 The Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act) transferred rulemaking authority for a number of consumer financial protection laws from the Board and other agencies to the Consumer Financial Protection Bureau (CFPB), except with respect to certain motor vehicle dealers.6 The transfer includes rulemaking authority for Regulation P under the financial privacy provisions of the GLB Act.7 (The DoddFrank Act did not transfer responsibility for the Security Guidelines.) The CFPB has issued interim final rules that are substantially identical to the Board’s Regulation P. The Board is amending the crossreferences in the Security Guidelines to refer to the CFPB’s version of Regulation P. These amendments do not have any effect on the substantive requirements imposed by the Security Guidelines. Administrative Procedure Act In accordance with section 553(b) the Administrative Procedures Act (APA) (5 U.S.C. 553(b)), the Board finds, for good cause, that providing an opportunity for public comment is unnecessary. The amendments are solely technical amendments that change citations in two definitions from references to the Board’s Regulation P to the CFPB’s Regulation P, which contain identical definitions. The revisions result in no substantive change to the rule. Paperwork Reduction Act In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 3506; 5 CFR part 1320 Appendix A.1), the 3 15 U.S.C. 1681w. This section was added by section 216 of the Fair and Accurate Credit Transactions Act of 2003. 4 69 FR 77610 (Dec. 28, 2004). 5 79 FR 30708 (May 29, 2014). 6 Pub. L. 111–203, 124 Stat. 1376 (Jul. 21, 2010). 7 The GLB Act’s privacy provisions are contained in sections 502 and 503 of that Act. 15 U.S.C. 6802– 6803. PO 00000 Frm 00012 Fmt 4700 Sfmt 4700 Board has reviewed the final rule under authority delegated to the Board by the Office of Management and Budget. The technical amendments to the Security Guidelines will revise the crossreferences in the Security Guidelines to refer to the CFPB’s version of Regulation P. The amendments do not change any substantive requirements of the regulation or currently approved information collections. Therefore, no additional paperwork burden will be imposed as a result of this rulemaking. List of Subjects 12 CFR Part 208 Banks, banking, Consumer protection, Federal Reserve System, Foreign banking, Holding companies, Information, Privacy, Reporting and recordkeeping requirements. 12 CFR Part 225 Administrative practice and procedure, Banks, banking, Federal Reserve System, Holding companies, Privacy, Reporting and recordkeeping requirements, Securities. Authority and Issuance For the reasons set forth in the preamble, the Board amends Regulations H and Y, 12 CFR parts 208 and 225 as follows: PART 208—MEMBERSHIP OF STATE BANKING INSTITUTIONS IN THE FEDERAL RESERVE SYSTEM (REGULATION H) 1. The authority citation for part 208 continues to read as follows: ■ Authority: 12 U.S.C. 24, 36, 92a, 93a, 248(a), 248(c), 321–338a, 371d, 461, 481–486, 601, 611, 1814, 1816, 1818, 1820(d)(9), 1823(j), 1828(o), 1831, 1831o, 1831p–1, 1831r–1, 1831w, 1831x, 1835a, 1882, 2901– 2907, 3105, 3310, 3331–3351, 3905–3909, and 5371; 15 U.S.C. 78b, 78I(b), 78l(i), 780– 4(c)(5), 78q, 78q–1, and 78w, 1681s, 1681w, 6801, and 6805; 31 U.S.C. 5318; 42 U.S.C. 4012a, 4104a, 4104b, 4106 and 4128. 2. Amend Appendix D–2 to part 208, as follows: ■ a. In section I.C.2.d., remove ‘‘§ 216.3(h)’’ and add in its place ‘‘§ 1016.3(i)’’; and ■ b. In section I.C.2.e., remove ‘‘§ 216.3(n)’’ and add in its place ‘‘§ 1016.3(p).’’ ■ PART 225—BANK HOLDING COMPANIES AND CHANGE IN BANK CONTROL (REGULATION Y) 3. The authority citation for part 225 continues to read as follows: ■ Authority: 12 U.S.C. 1817(j)(13), 1818, 1828(o), 1831i, 1831p–1, 1843(c)(8), 1844(b), E:\FR\FM\01JYR1.SGM 01JYR1 Federal Register / Vol. 79, No. 126 / Tuesday, July 1, 2014 / Rules and Regulations 1972(1), 3106, 3108, 3310, 3331–3351, 3907, and 3909; 15 U.S.C. 1681s, 1681w, 6801 and 6805. 4. Amend Appendix F to part 225, as follows: ■ a. In section I.C.2.b., remove ‘‘§ 216.3(h)’’ and add in its place ‘‘§ 1016.3(i)’’; and ■ b. In section I.C.2.c., remove ‘‘§ 216.3(n)’’ and add in its place ‘‘§ 1016.3(p).’’ ■ By order of the Board of Governors of the Federal Reserve System, acting through the Secretary of the Board under delegated authority, June 25, 2014. Robert deV. Frierson, Secretary of the Board. [FR Doc. 2014–15292 Filed 6–30–14; 8:45 am] BILLING CODE 6210–01–P FEDERAL HOUSING FINANCE AGENCY 12 CFR Part 1238 [No. 2014–N–8] Order: Supplemental Order on Reporting by Regulated Entities of Stress Testing Results as of September 30, 2013 Federal Housing Finance Agency. ACTION: Orders. AGENCY: In this document, the Federal Housing Finance Agency (FHFA) provides notice that it issued an Order to supplement its Orders dated November 26, 2013 and December 13, 2013, with respect to the reporting of each Federal Home Loan Banks’ results under section 165(i)(2) of the DoddFrank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act). DATES: Effective July 1, 2014. The Order is applicable June 24, 2014. FOR FURTHER INFORMATION CONTACT: Naa Awaa Tagoe, Senior Associate Director, Office of Financial Analysis, Modeling and Simulations, (202) 649–3140, naaawaa.tagoe@fhfa.gov; Stefan Szilagyi, Examination Manager, FHLBank Modeling, FHLBank Risk Modeling Branch, (202) 649–3515, stefan.szilagy@fhfa.gov; or Mark D. Laponsky, Deputy General Counsel, Office of General Counsel, (202) 649– 3054 (these are not toll-free numbers), mark.laponsky@fhfa.gov. The telephone number for the Telecommunications Device for the Hearing Impaired is (800) 877–8339. SUPPLEMENTARY INFORMATION: pmangrum on DSK3VPTVN1PROD with RULES SUMMARY: I. Background FHFA is responsible for ensuring that the regulated entities operate in a safe VerDate Mar<15>2010 15:01 Jun 30, 2014 Jkt 232001 and sound manner, including the maintenance of adequate capital and internal controls, that their operations and activities foster liquid, efficient, competitive, and resilient national housing finance markets, and that they carry out their public policy missions through authorized activities. See 12 U.S.C. 4513. The Supplemental Order is being issued under 12 U.S.C. 4514(a), which authorizes the Director of FHFA to require by Order that the regulated entities submit regular or special reports to FHFA and establishes remedies and procedures for failing to make reports required by Order. The Supplemental Order provides to the Federal Home Loan Banks a revised template to use in reporting to the public the severely adverse results of their respective stress tests. II. Order For the convenience of the affected parties, the text of the Order, without appendices, follows below in its entirety. You may access this Order with its attachment from FHFA’s Web site at http://www.fhfa.gov/ SupervisionRegulation/ LegalDocuments/Pages/Orders.aspx. The Order will be available for public inspection and copying at the Federal Housing Finance Agency, Eighth Floor, 400 Seventh St. SW., Washington, DC 20024. To make an appointment, call (202) 649–3804. The text of the Supplemental Order is as follows: Federal Housing Finance Agency Order No. 2014–OR–B–1 SUPPLEMENTAL ORDER ON REPORTING BY REGULATED ENTITIES OF STRESS TESTING RESULTS AS OF SEPTEMBER 30, 2013 Whereas, section 165(i)(2) of the DoddFrank Wall Street Reform and Consumer Protection Act (‘‘Dodd-Frank Act’’) requires certain financial companies with total consolidated assets of more than $10 billion, and which are regulated by a primary Federal financial regulatory agency, to conduct annual stress tests to determine whether the companies have the capital necessary to absorb losses as a result of adverse economic conditions; Whereas, FHFA’s rule implementing section 165(i)(2) of the Dodd-Frank Act is codified as 12 CFR part 1238 and requires that ‘‘[e]ach regulated entity must file a report in the manner and form established by FHFA.’’ 12 CFR § 1238.5(b); Whereas, on November 26, 2013, FHFA issued an Order to each regulated entity accompanied by appendices numbered 1 through 10 and amended Summary Instructions and Guidance relating to the performance of stress tests as of September 30, 2013, and the reporting of the results of such tests; PO 00000 Frm 00013 Fmt 4700 Sfmt 4700 37167 Whereas, on December 13, 2013, FHFA issued a Supplemental Order to each regulated entity providing two additional appendices for use in reporting stress testing results as of September 30, 2013; Whereas, each of the Federal Home Loan Banks timely submitted its stress test results pursuant to 12 CFR part 1238 and the implementing Orders, instructions, and guidance; Whereas, after analyzing the results of each of the Federal Home Loan Banks’ stress testing and the methodologies and practices used in testing, FHFA has determined that the original template designed for public disclosure of the severely adverse test results should be revised; and Whereas, section 1314 of the Safety and Soundness Act, 12 U.S.C. § 4514(a) authorizes the Director of FHFA to require regulated entities, by general or specific order, to submit such reports on their management, activities, and operations as the Director considers appropriate. Now Therefore, it is hereby ordered as follows: Each of the Federal Home Loan Banks shall publicly report as required by 12 CFR part 1238 the severely adverse results of the required stress testing using the template provided herewith as Attachment 1. It is so ordered, this 24th day of June 2014 This Order is effective immediately. Signed at Washington, DC, this 24th day of June, 2014. Melvin L. Watt, Director, Federal Housing Finance Agency. Dated: June 24, 2014. Melvin L. Watt, Director, Federal Housing Finance Agency. [FR Doc. 2014–15396 Filed 6–30–14; 8:45 am] BILLING CODE 8070–01–P DEPARTMENT OF TRANSPORTATION Federal Aviation Administration 14 CFR Part 39 [Docket No. FAA–2013–0953; Directorate Identifier 2013–NE–32–AD; Amendment 39– 17877; AD 2014–13–02] RIN 2120–AA64 Airworthiness Directives; Rolls-Royce plc Turbofan Engines Federal Aviation Administration (FAA), DOT. ACTION: Final rule. AGENCY: We are adopting a new airworthiness directive (AD) for certain Rolls-Royce plc (RR) RB211-Trent 875– 17, 877–17, 884–17, 884B–17, 892–17, 892B–17, and 895–17 turbofan engines. This AD requires inspection of the SUMMARY: E:\FR\FM\01JYR1.SGM 01JYR1

Agencies

[Federal Register Volume 79, Number 126 (Tuesday, July 1, 2014)]
[Rules and Regulations]
[Pages 37166-37167]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2014-15292]


=======================================================================
-----------------------------------------------------------------------

FEDERAL RESERVE SYSTEM

12 CFR Parts 208 and 225

[Docket No. R-1493 RIN 7100 AE-21]


Interagency Guidelines Establishing Information Security 
Standards

AGENCY: Board of Governors of the Federal Reserve System.

ACTION: Final rule; technical amendment.

-----------------------------------------------------------------------

SUMMARY: The Board of Governors of the Federal Reserve System (Board) 
is amending Appendix D-2 of Regulation H and Appendix F of Regulation Y 
to correct citations to rules on privacy of consumer financial 
information.

DATES: Effective Date: This rule is effective July 31, 2014.

FOR FURTHER INFORMATION CONTACT: Clinton Chen, Attorney, (202) 452-
3952, Legal Division. For the hearing impaired only, Telecommunication 
Device for the Deaf (TDD), (202) 263-4869.

SUPPLEMENTARY INFORMATION: Section 501(b) of the Gramm-Leach-Bliley Act 
(GLB Act) \1\ requires the Office of the Comptroller of the Currency, 
Board of Governors of the Federal Reserve System, Federal Deposit 
Insurance Corporation, and Office of Thrift Supervision (the Agencies), 
as well as the National Credit Union, the Securities and Exchange 
Commission, and the Federal Trade Commission, to establish appropriate 
standards for the financial institutions subject to their respective 
jurisdictions relating to the administrative, technical, and physical 
safeguards for customer records and information.
---------------------------------------------------------------------------

    \1\ 15 U.S.C. 6801.
---------------------------------------------------------------------------

    In February 2001, the Agencies issued a joint final rule 
implementing guidelines for establishing standards for safeguarding 
customer information under section 501(b) of the GLB Act.\2\ The 
Board's versions of the guidelines (now entitled Interagency Guidelines 
Establishing Information Security Standards (Security Guidelines)) are 
codified in Appendix D-2 of Regulation H (12 CFR part 208) and Appendix 
F of Regulation Y (12 CFR part 225). In December 2004, the Agencies 
amended the Security Guidelines pursuant to section 628 of the Fair 
Credit Reporting Act,\3\ which requires proper disposal of consumer 
information.\4\ The Security Guidelines establish standards relating to 
administrative, technical, and physical safeguards to ensure the 
security, confidentiality, integrity and the proper disposal of 
consumer information. The Security Guidelines in the Board's Regulation 
H and Y currently cross-reference the definitions of ``customer'' and 
``customer information'' in the Board's Regulation P (Privacy of 
Consumer Financial Information).
---------------------------------------------------------------------------

    \2\ 66 FR 8616 (Feb. 1, 2001).
    \3\ 15 U.S.C. 1681w. This section was added by section 216 of 
the Fair and Accurate Credit Transactions Act of 2003.
    \4\ 69 FR 77610 (Dec. 28, 2004).
---------------------------------------------------------------------------

    In May 2014, the Board approved the repeal of Regulation P, 
effective June 30, 2014.\5\ The Dodd-Frank Wall Street Reform and 
Consumer Protection Act (Dodd-Frank Act) transferred rulemaking 
authority for a number of consumer financial protection laws from the 
Board and other agencies to the Consumer Financial Protection Bureau 
(CFPB), except with respect to certain motor vehicle dealers.\6\ The 
transfer includes rulemaking authority for Regulation P under the 
financial privacy provisions of the GLB Act.\7\ (The Dodd-Frank Act did 
not transfer responsibility for the Security Guidelines.) The CFPB has 
issued interim final rules that are substantially identical to the 
Board's Regulation P.
---------------------------------------------------------------------------

    \5\ 79 FR 30708 (May 29, 2014).
    \6\ Pub. L. 111-203, 124 Stat. 1376 (Jul. 21, 2010).
    \7\ The GLB Act's privacy provisions are contained in sections 
502 and 503 of that Act. 15 U.S.C. 6802-6803.
---------------------------------------------------------------------------

    The Board is amending the cross-references in the Security 
Guidelines to refer to the CFPB's version of Regulation P. These 
amendments do not have any effect on the substantive requirements 
imposed by the Security Guidelines.

Administrative Procedure Act

    In accordance with section 553(b) the Administrative Procedures Act 
(APA) (5 U.S.C. 553(b)), the Board finds, for good cause, that 
providing an opportunity for public comment is unnecessary. The 
amendments are solely technical amendments that change citations in two 
definitions from references to the Board's Regulation P to the CFPB's 
Regulation P, which contain identical definitions. The revisions result 
in no substantive change to the rule.

Paperwork Reduction Act

    In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 
3506; 5 CFR part 1320 Appendix A.1), the Board has reviewed the final 
rule under authority delegated to the Board by the Office of Management 
and Budget. The technical amendments to the Security Guidelines will 
revise the cross-references in the Security Guidelines to refer to the 
CFPB's version of Regulation P. The amendments do not change any 
substantive requirements of the regulation or currently approved 
information collections. Therefore, no additional paperwork burden will 
be imposed as a result of this rulemaking.

List of Subjects

12 CFR Part 208

    Banks, banking, Consumer protection, Federal Reserve System, 
Foreign banking, Holding companies, Information, Privacy, Reporting and 
recordkeeping requirements.

12 CFR Part 225

    Administrative practice and procedure, Banks, banking, Federal 
Reserve System, Holding companies, Privacy, Reporting and recordkeeping 
requirements, Securities.

Authority and Issuance

    For the reasons set forth in the preamble, the Board amends 
Regulations H and Y, 12 CFR parts 208 and 225 as follows:

PART 208--MEMBERSHIP OF STATE BANKING INSTITUTIONS IN THE FEDERAL 
RESERVE SYSTEM (REGULATION H)

0
1. The authority citation for part 208 continues to read as follows:

    Authority: 12 U.S.C. 24, 36, 92a, 93a, 248(a), 248(c), 321-338a, 
371d, 461, 481-486, 601, 611, 1814, 1816, 1818, 1820(d)(9), 1823(j), 
1828(o), 1831, 1831o, 1831p-1, 1831r-1, 1831w, 1831x, 1835a, 1882, 
2901-2907, 3105, 3310, 3331-3351, 3905-3909, and 5371; 15 U.S.C. 
78b, 78I(b), 78l(i), 780-4(c)(5), 78q, 78q-1, and 78w, 1681s, 1681w, 
6801, and 6805; 31 U.S.C. 5318; 42 U.S.C. 4012a, 4104a, 4104b, 4106 
and 4128.


0
2. Amend Appendix D-2 to part 208, as follows:
0
a. In section I.C.2.d., remove ``Sec.  216.3(h)'' and add in its place 
``Sec.  1016.3(i)''; and
0
b. In section I.C.2.e., remove ``Sec.  216.3(n)'' and add in its place 
``Sec.  1016.3(p).''

PART 225--BANK HOLDING COMPANIES AND CHANGE IN BANK CONTROL 
(REGULATION Y)

0
3. The authority citation for part 225 continues to read as follows:

    Authority: 12 U.S.C. 1817(j)(13), 1818, 1828(o), 1831i, 1831p-1, 
1843(c)(8), 1844(b),

[[Page 37167]]

1972(1), 3106, 3108, 3310, 3331-3351, 3907, and 3909; 15 U.S.C. 
1681s, 1681w, 6801 and 6805.


0
4. Amend Appendix F to part 225, as follows:
0
a. In section I.C.2.b., remove ``Sec.  216.3(h)'' and add in its place 
``Sec.  1016.3(i)''; and
0
b. In section I.C.2.c., remove ``Sec.  216.3(n)'' and add in its place 
``Sec.  1016.3(p).''

    By order of the Board of Governors of the Federal Reserve 
System, acting through the Secretary of the Board under delegated 
authority, June 25, 2014.
Robert deV. Frierson,
Secretary of the Board.
[FR Doc. 2014-15292 Filed 6-30-14; 8:45 am]
BILLING CODE 6210-01-P