On December 15, 2020, the Office of the Comptroller of the Currency, the Federal Reserve Board, and the Federal Deposit Insurance Corporation issued a notice of proposed rulemaking that would require substantially faster notification of cybersecurity incidents involving banking organizations, expand the list of triggering events, and impose first-of-its kind notification requirements for bank service providers.  Banking organizations and their service providers should consider reviewing their incident response plans for compliance with the proposed rule and should consider commenting on the proposal.  Comments are due 90 days after publication in the Federal Register, which is expected soon.

Please see our client memorandum for more details.

 

View as a PDF