How are banks handling commercial customers that are victimized by cyber-events (ransomware, breaches, business email compromises, etc)? Once notified by the commercial customer, we generally lock down their online banking systems until we are comfortable they have fixed all their vulnerabilities. We also recommend they hire a forensic expert to identify the source and magnitude of the vulnerabilities. Do any banks require the commercial customers to provide a "certification" or "forensic analysis report" that essentially gives the commercial customer a clean bill of health before they turn back on their online banking systems? We are attempting to go this direction but wanted to see what other banks are doing. Thank you.