Regulatory Alerts2021-01-12 | 2020-28498Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers
The OCC, Federal Reserve, and FDIC issued a proposed rule requiring banking organizations to notify their primary federal regulator of significant computer-security incidents within 36 hours of good faith belief that a notification incident occurred. The proposal also mandates that bank service providers immediately notify at least two individuals at affected banking organization customers if an incident could disrupt services for four or more hours. This initiative aims to provide regulators with early alerts to emerging cyber threats and potential risks to financial stability that existing reporting frameworks fail to capture in a timely manner.
Share