2022-03-25

SR 22-4: Contact Information in Relation to Computer-Security Incident Notification Requirements

The Federal Reserve, FDIC, and OCC issued this letter to designate specific points of contact for banking organizations and service providers to notify regulators of computer-security incidents. The document mandates that institutions report notification incidents to the Board via email or telephone within 36 hours of determination, while service providers must alert affected customers of material service disruptions lasting four or more hours. These requirements align with a joint final rule taking effect on April 1, 2022, with a compliance deadline of May 1, 2022.


United States

Federal Reserve System
