We discuss the new notification requirements that the final rule places on both U.S. banking organizations and bank service providers relating to ransomware and similar computer security incidents, including the mandated timing for providing notice, and how the final rule differs from the agencies’ proposal. We also look at the compliance challenges presented by the final rule and offer suggestions for covered entities to consider in preparing for compliance with the new requirements.
As anticipated, the OCC, Federal Reserve Board, and FDIC recently approved and released the Final Rule Requiring Computer-Security Incident Notification (“Final Rule”). The Final Rule is designed to promote early awareness and stop computer security incidents before they become systemic. It places new reporting requirements on both U.S. banking organizations and bank service providers.