On May 25, 2022, the Review of Banking & Financial Services published an article on the recently-issued banking agencies’ Final Rule on Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers (the “Final Rule”). The Final Rule went into effect on April 1, 2022 and required banking organizations, as well as certain banking service providers, to comply by May 1, 2022. Importantly, on March 29, 2022, the banking agencies each issued guidance to their supervisory institutions regarding logistics for notification. The article titled, The Banking Agencies’ Final Rule on Computer-Security Incident Notification Requirements, was authored by Avi Gesser, Johanna Skrzypczyk, Michael R. Roberts, Courtney Bradford Pike, and Andres Gutierrez.

The article discusses key aspects of the Final Rule, including:

  • Important Definitions and Goals of the Banking Agencies;
  • Updating Incident Response Plans for Compliance with the Final Rule;
  • Computer-Security Incident Notification Requirements for Banking Organizations and Bank Service Providers; and
  • Service Provider Relationships

You can read the full article here.

To subscribe to our Data Blog, please click here.

 

Author

Avi Gesser is Co-Chair of the Debevoise Data Strategy & Security Group. His practice focuses on advising major companies on a wide range of cybersecurity, privacy and artificial intelligence matters. He can be reached at agesser@debevoise.com.

Author

Johanna Skrzypczyk (pronounced “Scrip-zik”) is a counsel in the Data Strategy and Security practice of Debevoise & Plimpton LLP. Her practice focuses on advising AI matters and privacy-oriented work, particularly related to the California Consumer Privacy Act. She can be reached at jnskrzypczyk@debevoise.com.

Author

Michael R. Roberts is a senior associate in Debevoise & Plimpton’s global Data Strategy and Security Group and a member of the firm’s Litigation Department. His practice focuses on privacy, cybersecurity, data protection and emerging technology matters. He can be reached at mrroberts@debevoise.com.

Author

Courtney Bradford Pike is a corporate associate and a member of the Financial Institutions Group. Her practice focuses on banking regulatory, transactional and compliance matters as well as structured and funds finance.

Author

Andres Gutierrez is an associate in the Litigation Department.