MONTH-IN-BRIEF (Apr 2022)
Computer-Security Incident Notification Requirements for Banks Become Effective
By Rachael L. Aspery, McGlinchey Stafford, PLLC
On November 23, 2021, the Board of Governors of the Federal Reserve System (“Board”), the Federal Deposit Insurance Corporation (“FDIC”), and the Office of the Comptroller of the Currency (“OCC”), jointly issued a final rule with respect to establishing notification requirements for computer-security incidents for banking organizations and bank service providers in order to promote early awareness of emerging threats and enable the agencies to react to the threats before the threats become systemic (“Final Rule”). The Final Rule went into effect on April 1, 2022, with a compliance date of May 1, 2022. The Final Rule is applicable to all banking organizations that are supervised by the Federal Reserve, OCC, and FDIC, but does not apply to designated financial market utilities under 12 U.S.C. § 5462(4).