Federal Bank Regulators Expand Duty to Notify after a Cybersecurity Event

By James M. Kane, James W. Morrissey, Daniel C. McKay, II, Jennifer Durham King, Juan M. Arciniegas, Mark C. Svalina & Mary Donohue on December 17, 2021

Posted in Bank & Thrift Regulation & Enforcement, Bank Litigation, Privacy, Cybersecurity & Media, Regulatory

On November 18, 2021, the Office of the Comptroller of the Currency (OCC), the Federal Deposit Insurance Corporation (FDIC), and the Board of Governors of the Federal Reserve System (FRB) (each, an “Agency” and, collectively, the “Agencies”) finalized a uniform regulation, codified at 12 C.F.R. Part 53, 12 C.F.R. Part 225.300 and 12 C.F.R. Part 304, with the stated purpose of improving the sharing of information about cybersecurity incidents harmful to the U.S. banking system (the “Regulation”). Pursuant to the Regulation, banks will be required to notify their primary federal regulatory Agency within thirty-six (36) hours of “any significant computer-security incident.”Continue Reading Federal Bank Regulators Expand Duty to Notify after a Cybersecurity Event

Menu

The 21st Century Banker

Compliance

Federal Bank Regulators Expand Duty to Notify after a Cybersecurity Event

ABOUT VEDDER PRICE