This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties. Members and Law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.
Complete Story
12/22/2021
Beginning in May 2022 Banks Will Have 36 Hours to Disclose Certain Types of Cyber Incidents
jdsupra.com
Federal banking regulators issued a final rule that impacts how banks and other regulated entities report certain data incidents. Those subject to these new reporting requirements include U.S. banks and bank service providers. The rule is effective April 1, 2022, and covered entities are expected to comply with the final rule by May 1, 2022. The new requirements reflect ongoing concern to identify and stop computer security incidents before they become systemic.
As we detail in our sister blog here, banks will have to 36 hours to notify their primary regulator after determining that they suffered a computer-security incident that rises to the level of a notification incident. Two definitions are important for understanding when such notice is required. First, a computer-security incident is one that would result in actual harm to either information systems or underlying information in those systems. Second, a notification incident is one that materially disrupts a banking organization’s operations or lines of business.
Alerts
The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.
more informationResources
Your electronic library to help in fighting financial fraud for all of our partners.
more information