Jeff Collins

05.26.2022

In November of 2021, the Agencies, comprised of the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC), and the Federal Reserve Board (FRB), passed a regulation that requires banks to notify regulators no more than 36 hours after they identify that a security incident (that rises to the level of a “notification event”) has taken place. The regulation required full compliance by May 1, 2022. FDIC-supervised banks will report incidents to their case managers while banks that are regulated by the Board of Governors of the Federal Reserve System will need to inform the board. The Agencies explain though that not every data security incident is a notification event. According to the rule, a computer-security incident is “an occurrence that results in actual harm to the confidentiality, integrity, or availability of an information system or the information that the system processes, stores or transmits. An incident requiring subsequent notification is defined as a ‘computer-security incident’ that has disrupted or degraded a banking organization’s operations and its ability to deliver services to a material portion of its customer base and business lines”

 Read the full bulletin

Keep Informed


SHARE

Jeff Collins

05.26.2022

Keep Informed