Board of Governors of the Federal Reserve System

The Federal Reserve is issuing this letter to announce an expansion of its Emergency Communications System (ECS), a service which maintains a database of emergency contacts, to include contact information of employees at Federal Reserve-supervised financial institutions who are capable of receiving and acting upon cyber emergencies (referred to as "designated cyber emergency contacts").  The Federal Reserve has previously issued guidance to highlight the supervisory practices that the Federal Reserve can employ when financial institutions and their borrowers and other customers are affected by a major disaster or emergency.¹  In response to heightened efforts by cyber criminals to penetrate financial institutions, the Federal Reserve has decided to enhance its communications capabilities by expanding the ECS database of emergency contact information, which is currently maintained by the Federal Reserve Bank of St. Louis.  In the coming weeks, ECS staff will be working with representatives from each Reserve Bank to contact supervised financial institutions to identify and register designated cyber emergency contact(s).

Emergency Communications System (ECS) Function

In 2008, the Federal Reserve developed the ECS to maintain business contact information that could be used by the Federal Reserve to communicate with supervised institutions during a natural disaster or an operational outage emergency.  By developing and maintaining the database of emergency contacts, ECS staff have facilitated communications between supervised institutions and federal and state regulators during emergencies such as ice storms, floods, hurricanes, blizzards, and a dam breach.  When combined with standard communication tools, such as email, ZixMail (for secure communications), or telephone, the ECS enables the Federal Reserve to establish and maintain communications with supervised institutions during natural disasters, infrastructure outages, or cyber emergencies.

In response to a local or regional event, Reserve Banks may use the ECS to contact supervised institutions in their districts.  The authority to issue a nationwide emergency message resides with the Directors in the Board's Divisions of Banking Supervision and Regulation and Consumer and Community Affairs.

ECS Registration Process

Each Reserve Bank should designate a primary contact (referred to as the "Reserve Bank ECS contact") who will work with ECS staff to obtain the cyber emergency contact data for the district's supervised institutions.  ECS staff will work with the Reserve Bank ECS contacts to notify supervised financial institutions and begin the registration of an institution's designated cyber emergency contact(s).²  The registration process requires each designated emergency contact to create a secure user identification and password and provide his or her name and business email, address, and telephone number.

Testing and Validation of An Institution's Designated Cyber Emergency Contact

ECS staff conducts periodic testing to ensure the validity of contact information stored with ECS.  The routine testing of ECS includes verification of a contact's business phone number(s) and email address and confirmation of the delivery of test messages to resolve any delivery issues.

Reserve Bank Coordination

ECS will be operated by staff at the Federal Reserve Bank of St. Louis.  Federal Reserve Banks will be working with the ECS staff to obtain the necessary cyber emergency contact information for supervised institutions in their respective Districts.  

All questions concerning registration and operational matters should be directed to the ECS Support Line at [email protected] or 1-877-327-5333.  In addition, institutions may send questions via the Board's public website.³

Notes: