Federal Banking Agencies Issue Cyber Incident Notification Requirements | Practical Law
Federal banking agencies have issued a final rule requiring banking organizations to notify their primary federal regulator within 36 hours of determining certain material computer-security incidents have occurred. Bank service providers also must notify affected banking organization customers as soon as possible of computer-security incidents that materially disrupt or degrade covered services for four or more hours.