Following the SolarWinds and the Colonial Pipeline cyberattacks, the Biden Administration emphasized a shift toward mandatory cybersecurity requirements. Throughout 2021, government.
Nearly a year after issuing the notice of proposed rulemaking, the FDIC, OCC, and Federal Reserve have issued a final rule setting new notification requirements for banks and their.
U.S. federal banking regulators have approved a new rule that will require banks to notify regulators no later than 36 hours after the organization determines it
[Co-author: Jake Nevola]
On January 12, 2021, the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (Board), and the Federal Deposit Insurance Corporation (FDIC) published a Notice of Proposed Rulemaking (NPRM) titled “Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers” (Proposed Rule), which would create accelerated notification obligations for banking organizations and bank service providers in the event of a “‘computer-security incident’ that rises to the level of a ‘notification incident.’” Importantly, the Proposed Rule focuses on security events that disrupt financial institutions’ operations and not just security events that impact sensitive customer information, some of which would not be covered by the Proposed Rule.