On October 19, the Department of the Treasury, the Federal Reserve Office of the Comptroller of the Currency, and the Federal Deposit Insurance Corporation issued a joint advance notice of proposed rulemaking regarding enhanced cyber-risk management standards for large and interconnected entities under their supervision and those entities' service providers. The proposed rulemaking addresses five categories of cyber standards: cyber-risk governance; cyber-risk management; internal dependency management; external dependency management; and incident response, cyber resilience, and situational awareness. The comment period runs until January 17, 2017.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.