Final Rule Places New Cybersecurity Reporting Requirements on Banks

Last month, the Federal Reserve System’s Board of Governors, the Federal Deposit Insurance Corporation and the Office of the Comptroller of the Currency approved a final rule that places reporting requirements on banks and banking service providers. Under this new rule, banks must report cybersecurity incidents within 36 hours to federal regulators. In addition, banking service providers must notify banks as soon as possible after suffering a computer security incident. This new rule also requires banks to inform customers of any computer security incident lasting more than four hours. More.