Federal Banking Regulators Issue 36-Hour Cybersecurity Breach Notification Requirement

In November, the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC), and the Federal Reserve Board of Governors (FRB) jointly issued a final rule that requires a federally regulated bank to notify its primary federal regulator within 36 hours after determining that a computer-security “notification incident” has occurred. This presentation will provide a brief overview of the new notice requirement, applying to banking organizations and service providers starting in April 2022.