Skip to content

Comments due on regulators' proposal to require notification of computer-security incidents

04/12/2021
Status: 

The OCC, Federal Reserve System, and the FDIC have published at 86 FR 2299 in the January 12, 2021, Federal Register a proposed rule that would require a banking organization to provide its primary federal regulator with prompt notification of any “computer-security incident” that rises to the level of a “notification incident.” The proposed rule would require such notification upon the occurrence of a notification incident as soon as possible and no later than 36 hours after the banking organization believes in good faith that the incident occurred.

The rule would also require a bank service provider to notify at least two individuals at affected banking organization customers immediately after the bank service provider experiences a computer-security incident that it believes in good faith could disrupt, degrade, or impair services provided for four or more hours.

Comments on the proposal will be accepted for 90 days, through April 12, 2021.

Penalties View All

Banker Store View All

From training, policies, forms, and publications, to office products and occasional gifts, it’s available here:

Banker Store

hot right now

image description

Looking for effective, convenient training on a particular subject?

BOL Learning Connect offers more than 200 courses ON-DEMAND or on CD ROM from AML to Reg Z and every topic in between.

Compliance Deadlines

By Status