Given the omnipresent concern about cyber attacks targeting the banking industry, the FDIC, OCC and Federal Reserve recently published a new joint final rule establishing enhanced security incident notification requirements for banking organizations and their service providers.
The final rule is designed to improve the sharing of information about cyber incidents that may impact the nation’s banking system and requires banks to notify their primary federal regulator within 36 hours of determining that a “significant” computer-security incident has occurred. Similarly, bank service providers are now required to notify impacted bank customers as soon as possible of any incident that could materially impact their operations for four hours or more.
The deadline for compliance with the new notification requirements is May 1.