36-Hour Breach Notification for Banks Is Here

On May 25, 2022, the Review of Banking & Financial Services published an article on the recently-issued banking agencies’ Final Rule on Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers (the “Final Rule”). The Final Rule went into effect on April 1, 2022 and required banking organizations, as well as certain banking service providers, to comply by May 1, 2022. Importantly, on March 29, 2022, the banking agencies each issued guidance to their supervisory institutions regarding logistics for notification. The article titled, The Banking Agencies’ Final Rule on Computer-Security Incident Notification Requirements, was authored by Avi Gesser, Johanna Skrzypczyk, Michael R. Roberts, Courtney Bradford Pike, and Andres Gutierrez.

The article discusses key aspects of the Final Rule, including:

Important Definitions and Goals of the Banking Agencies;
Updating Incident Response Plans for Compliance with the Final Rule;
Computer-Security Incident Notification Requirements for Banking Organizations and Bank Service Providers; and
Service Provider Relationships

You can read the full article here.

To subscribe to our Data Blog, please click here.

Webcast: AI Readiness – Practical Steps to Prepare for Artificial Intelligence (AI) Incidents

New Automated Decision-Making Laws: Four Tips for Compliance

Related Posts

Webcast – CISA Proposes Major Reporting Obligations for Critical Infrastructure

CISA Proposes Major Reporting Obligations for Critical Infrastructure

100 Days of Cybersecurity Incident Reporting on Form 8-K: Lessons Learned