May 1st is Around the Corner: Bank Computer-Security Incident Notification Requirements

A couple of months ago, we published a post about the OCC, FDIC, and Federal Reserve Board's final rule to improve information sharing about cyber incidents that may affect the U.S. banking system. Under the final rule, banks and their service providers must notify their primary federal regulators within 36 hours after a notification incident has occurred. In their latest update, the regulators remind banks that starting May 1, banks must notify their primary federal regulators about computer-security incidents. Below is the contact information and the process for contacting each regulator:

OCC: Banks may satisfy the notification requirement of the final rule by contacting their supervisory office or by using one of the following to communicate a notification incident:

  • BankNet: Registered BankNet users may securely submit an incident from the home page. Users should register for BankNet well before an incident occurs, so that the notification process is more efficient if and when an incident occurs.

  • BankNet Help Desk: Email: [email protected]; Phone: (800) 641-5925

FDIC: FDIC-supervised banks can comply with the rule by reporting an incident to their case manager, who serves as the primary FDIC contact for all supervisory-related matters, or to any member of an FDIC examination team if the event occurs during an examination. If a bank is unable to access its supervisory team contacts, the bank may notify the FDIC by email at: [email protected]

Federal Reserve: A banking organization whose primary federal regulator is the Board must notify the Board about a notification incident by email to [email protected] or telephone to (866) 364-0096. The Board must receive this notification from a banking organization as soon as possible and no later than 36 hours after the banking organization determines that a notification incident has occurred. If a banking organization is unsure as to whether it is experiencing a notification incident for purposes of notifying the Board, the Board encourages the banking organization to contact the Board by email to [email protected] or telephone to (866) 364-0096.

Putting it into Practice: Banks should keep in mind that there are only a few weeks left before the rule goes into effect. The final rule applies equally to banking service providers; parties should therefore ensure that security incidents impacting vendors are appropriately addressed in vendor contracts so banks can meet new regulatory expectations (we recently discussed the impact of banking regulations on third party service providers in earlier Consumer Finance and FinTech blog posts here and here). Time is of the essence when dealing with computer-security incidents, so familiarizing yourself with the final rule and having the above information at the ready will better prepare your compliance and response functions.
