Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers
Abstract
The OCC, Board, and FDIC are issuing a final rule that requires a banking organization to notify its primary Federal regulator of any ``computer-security incident'' that rises to the level of a ``notification incident,'' as soon as possible and no later than 36 hours after the banking organization determines that a notification incident has occurred. The final rule also requires a bank service provider to notify each affected banking organization customer as soon as possible when the bank service provider determines that it has experienced a computer-security incident that has caused, or is reasonably likely to cause, a material service disruption or degradation for four or more hours.
Federal Register Source
This document is published by the Office of the Federal Register, National Archives and Records Administration. Access the full regulatory text, preamble, and docket comments below.
View Full Text on FederalRegister.gov →Opens in new tab · federalregister.gov
Frequently Asked Questions
What is the 2021-25510 Federal Register document?
Is document 2021-25510 an economically significant rule?
Other Rules from Federal Reserve
Read our methodology - how this data is sourced, computed, and verified.
Related
Every figure on PlainRegWatch is rendered directly from state source data, no number is typed in by an editor. This page draws directly on federal and state source data, no figure is typed in by an editor. See our editorial standards & corrections policy, the methodology behind these numbers, or report a data error.