Guidance Issued on Response Programs for Unauthorized Access to Customer Information and Customer Notice - Circulars

Museum & Visits Regional Economy Data & Statistics Careers Blog Press Center

About the New York Fed
- About the New York Fed
- What We Do
- Who We Are
  - Bank Leadership
  - Diversity and Inclusion
- Communities We Serve
- Governance
- More About Us
- At the New York Fed, our mission is to make the U.S. economy stronger and the financial system more stable for all segments of society. We do this by executing monetary policy, providing financial services, supervising banks and conducting research and providing expertise on issues that impact the nation and communities we serve.
  
  Introducing the New York Innovation Center: Delivering a central bank innovation execution
  
  Do you have a request for information and records? Learn how to submit it.
  
  Learn about the history of the New York Fed and central banking in the United States through articles, speeches, photos and video.
Markets & Policy Implementation

Economic Research
- Economic Research
- U.S. Economy
  - Consumer Expectations & Behavior
  - Growth & Inflation
  - Labor Market
  - Financial Stability
  - Banking
- REGIONAL ECONOMY
- RESEARCHERS
  - PUBLICATIONS
  - RESEARCH CENTERS
  - CALENDAR

Financial Institution Supervision
- Financial Institution Supervision
- Supervision & Regulation
  - Circulars
  - Regulations
- Reporting Forms & Instructions
  - Reporting Forms
  - Correspondence
- Bank Applications
- Consumer Protection
  - Community Reinvestment Act Exams
  - Frauds and Scams
- As part of our core mission, we supervise and regulate financial institutions in the Second District. Our primary objective is to maintain a safe and competitive U.S. and global banking system.
  
  The Governance & Culture Reform hub is designed to foster discussion about corporate governance and the reform of culture and behavior in the financial services industry.
  
  Need to file a report with the New York Fed? Here are all of the forms, instructions and other information related to regulatory and statistical reporting in one spot.
  
  The New York Fed works to protect consumers as well as provides information and resources on how to avoid and report specific scams.
Financial Services & Infrastructure
- Financial Services & Infrastructure
- Financial Services & Operations
- Financial Market Infrastructure & Reform
- The Federal Reserve Bank of New York works to promote sound and well-functioning financial systems and markets through its provision of industry and payment services, advancement of infrastructure reform in key markets and training and educational support to international institutions.
  
  The New York Fed provides a wide range of payment services for financial institutions and the U.S. government.
  
  The New York Fed offers the Central Banking Seminar and several specialized courses for central bankers and financial supervisors.
  
  The New York Fed has been working with tri-party repo market participants to make changes to improve the resiliency of the market to financial stress.
Community Development
& Education

Circular

Guidance Issued on Response Programs for Unauthorized Access to Customer Information and Customer Notice

December 7, 2005

Circular No. 11752

To All Depository Institutions and Others Concerned
in the Second Federal Reserve District:

A joint Supervision and Regulation and Consumer Affairs Letter from the Board of Governors of the Federal Reserve System establishes the Federal Reserve’s expectations for financial institutions and supervisory personnel with respect to the Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice (Guidance).

The Guidance, which has been effective since March 29, 2005, interprets the Interagency Guidelines Establishing Information Security Standards (Security Guidelines) and states that each financial institution should implement a response program to address unauthorized access to customer information maintained by the institution or its service providers.

The Guidance describes the components of a response program, including procedures to notify customers about incidents that involve unauthorized access to sensitive customer information.

When evaluating the adequacy of a financial institution’s information security program required by the Security Guidelines, the Federal Reserve will consider whether the bank has developed and implemented a response program including notification procedures as described in the Guidance. An institution’s response program should contain procedures for the following:

assessing the nature and scope of an incident and identifying what customer information systems and types of customer information have been accessed or misused,
notifying the institution’s primary federal regulator as soon as possible once the institution becomes aware of an incident involving unauthorized access to or use of sensitive customer information,
complying with applicable suspicious activity reporting regulations and guidance to ensure appropriate law enforcement authorities are notified in a timely manner,
taking appropriate steps to contain and control the incident to prevent further unauthorized access to or use of customer information, for example, by monitoring, freezing or closing affected accounts, and
notifying customers as soon as possible when it is determined that misuse of sensitive customer information has occurred or is reasonably possible.

Read the SR/CA letter and interagency guidance below for complete details.

SR 05-23/CA 05-10 ›› OFFSITE

Interagency guidance ›› OFFSITE

Contacts:
Thomas Oravez
Assistant Vice President
Risk Management
thomas.oravez@ny.frb.org
(212) 720-2118

John Ricketti
Vice President
Risk Management
john.ricketti@ny.frb.org
(212) 720-2192

William L. Rutledge
Executive Vice President

By continuing to use our site, you agree to our Terms of Use and Privacy Statement. You can learn more about how we use cookies by reviewing our Privacy Statement.