Complete Story
 

12/22/2021

Beginning in May 2022 Banks Will Have 36 Hours to Disclose Certain Types of Cyber Incidents

jdsupra.com

Federal banking regulators issued a final rule that impacts how banks and other regulated entities report certain data incidents.  Those subject to these new reporting requirements include U.S. banks and bank service providers. The rule is effective April 1, 2022, and covered entities are expected to comply with the final rule by May 1, 2022. The new requirements reflect ongoing concern to identify and stop computer security incidents before they become systemic.

As we detail in our sister blog here, banks will have to 36 hours to notify their primary regulator after determining that they suffered a computer-security incident that rises to the level of a notification incident.  Two definitions are important for understanding when such notice is required. First, a computer-security incident is one that would result in actual harm to either information systems or underlying information in those systems. Second, a notification incident is one that materially disrupts a banking organization’s operations or lines of business.

Read more...

Printer-Friendly Version


Resources

Alerts

The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.

more information
Resources

Resources

Your electronic library to help in fighting financial fraud for all of our partners.

more information