The Fed, FDIC, and OCC Adopt New Protocol for Highly Sensitive Data

The Fed, FDIC, and OCC Introduce New Protocol to Protect Banks’ Highly Sensitive Information. (illustration image source: Pexels/ RDNE Stock project)

JAKARTA, Jakartaweekly.com — Three U.S. banking regulators—the Federal Reserve (the Fed), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC)—have introduced a new protocol to strengthen the protection of highly sensitive information during bank examinations. The policy is designed to minimize the risk of data exposure while maintaining the effectiveness of supervisory activities.

In a joint memorandum released on Friday, July 17, 2026 (U.S. time), the three regulators announced that they will adopt a coordinated approach to handling highly sensitive data during examinations of banks under their supervision.

Under the new approach, the regulators will reduce the collection and storage of highly sensitive documents by relying on a range of alternative methods.

These include on-site reviews, direct digital reviews from a bank’s own systems, the use of redacted documents, and summary versions of documents where legally permissible.

The regulators will also give bank management a greater role in identifying documents they consider highly sensitive before an examination begins. Examiners will then determine whether the information requires additional safeguards during the supervisory process.

The categories of highly sensitive information include technology and network diagrams, detailed penetration test results, technical details of information technology control weaknesses, and succession planning documents.

The three agencies emphasized that protecting banks’ data throughout the examination process remains a top priority.

They also committed to notifying affected banks as soon as practicable—and no later than 72 hours after establishing a reasonable basis to believe that a material compromise of confidential supervisory information has occurred and identifying the affected institutions.

According to the memorandum, the Federal Reserve, FDIC, and OCC have previously used different methods to protect sensitive information during examinations.

The new coordinated approach is intended to align those practices so that examination teams across all three agencies follow a consistent standard when handling highly sensitive information.

The regulators will also provide written guidance and training for examiners on implementing the new protocol. At the start of each examination, examiners will inform supervised banks that management may identify information it considers highly sensitive and discuss the appropriate methods for handling such information.

However, the regulators noted that if supervisory needs require it, examiners may still request that the information be included in the official supervisory record after obtaining approval through the appropriate supervisory chain.

Discover more