Comments due on Fed Reg HH proposal
The Federal Reserve Board has announced a Notice of Proposed Rulemaking that would amend the requirements relating to operational risk management in the Board’s Regulation HH, which applies to certain financial market utilities that have been designated as systemically important (designated FMUs) by the Financial Stability Oversight Council (FSOC) under Title VIII of the Dodd-Frank Act.
The proposal would update, refine, and add specificity to the operational risk management requirements in Regulation HH to reflect changes in the operational risk, technology, and regulatory landscapes in which designated FMUs operate since the Board last amended this regulation in 2014. The proposal would also adopt specific incident-notification requirements.
The proposal addresses four key areas:
- incident management and notification
- business continuity management and planning
- third-party risk management
- review and testing of operational risk management measures
For example, the proposal would explicitly require FMUs to establish an incident management framework and would emphasize the need for FMUs to continue to advance their cyber resilience capabilities. The proposed updates are largely consistent with existing measures that FMUs take to comply with the current requirements.
Comments on the proposal will be accepted for 60 days following publication in the Federal Register.
Publication and comment period update: Published at 87 FR 60314 in the 10/5/2022 , with a comment period ending 12/5/2022.