2021-11-23 | 2021-25510

Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers

The OCC, Federal Reserve Board, and FDIC issued a final rule requiring banking organizations to notify their primary federal regulator of significant computer-security incidents within 36 hours of determination. The regulation also mandates that bank service providers promptly alert affected banking customers when a security event causes or is likely to cause material service disruption for four or more hours. By establishing precise definitions for computer-security and notification incidents, the rule ensures early regulatory awareness of emerging cyber threats while harmonizing third-party reporting standards across the financial sector.


United States

Federal Deposit Insurance Corporation
