New Proposed Rule Requires US Banks to Notify Regulators within 36 Hours

On January 12, 2021, the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (Board), and the Federal Deposit Insurance Corporation (FDIC) published a Notice of Proposed Rulemaking (NPRM) titled Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers.

The Proposed Rule would require a “banking organization” to notify its primary regulator no later than 36 hours after reasonably determining that a qualifying incident has occurred, and it would require a “bank service provider” (both terms defined below) to notify a banking organization immediately upon detecting that an incident materially impacting such organization has occurred.

Source: New Proposed Rule Requires Banks to Notify Regulators within 36 Hours – Hogan Lovells Engage