The Federal Reserve, Federal Deposit Insurance Corporation (FDIC), and Office of the Comptroller of the Currency (OCC) have announced an "Ask the Regulators" webcast to field questions about those agencies' new Computer-Security Incident Notification Rule. The rule went into effect on April 1, 2022, and compliance is required starting May 1, 2022.
DWT recently hosted a discussion of the Computer-Security Incident Notification Rule and its implications for both banking organizations and bank service providers. A recording of our session, titled "Time Flies! Navigating Federal Banking Regulators' 36-Hour Security Incident Notification Rule," can be viewed below.
As discussed in our webinar, we encourage banking organizations and bank service providers, as defined in the new rule, to examine their incident response plans and document how they plan to comply with the 36-hour notification deadline. Bank service providers also should inventory their data and systems to identify which are subject to the new rule and develop plans for notifying relevant banking organizations in the event of a covered incident.