Summary of Proposed Rule Computer-Security Incident Notification Requirements

Updated 01/05/2021

This summary breaks not the Notice of Proposed Rulemaking by the Agencies that would require banking organizations and bank service providers to provide accelerated notices of certain cybersecurity and related events to the banking organization’s primary federal regulator. For banking organizations, notice to regulators would be required within 36 hours of a determination of the event. The proposal would also broadly expand the scope of regulatory cybersecurity notification obligations, going well beyond incidents that compromise personal information.

Members Can Download This Tool

Login to Download


Not Yet a Member?

Our members enjoy:

On-demand regulatory guidance hotline – by chat, phone and email – available from anywhere, on any device – 7 am - 6 pm, M-F, Central time 

Research time saved daily & weekly across forms, checklists, and trainings — for every regulation

Hours of form-building and branding of bank documents saved; in some cases, even the budget of additional staff

A sounding board for support and reassessment when institutional goals or the regulatory environment changes

Access to attorneys and compliance specialists for risk modelling and decision-making in advance of large business decisions

The knowledge that C/A was created and owned by 30 State Bankers Association to provide bank compliance services to their membership organizations

Find out how a personalized team of attorneys and compliance professionals helps build targeted compliance strategies throughout your institution when you take our Live Membership Demo.

Become a Member