Regulatory Alerts2021-01-12 | 2020-28498Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers
The OCC, Federal Reserve, and FDIC propose rules requiring banking organizations to notify their primary federal regulator of significant computer-security incidents within 36 hours of good faith belief that a notification incident occurred. The agencies also mandate that bank service providers immediately notify at least two individuals at affected banking organization customers if a service disruption is expected to last four or more hours. This proposed rulemaking aims to provide regulators with early alerts to emerging cyber threats and potential risks to financial stability that existing reporting frameworks fail to capture in a timely manner.
Share