Paul Hastings Discusses Proposed Cyber Incident Reporting Rule for Banks

Federal financial regulatory agencies, including the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation (“FDIC”), and the Office of the Comptroller of the Currency (“OCC”) (collectively, the “Regulators”), issued on December 18, 2020, a Notice of Proposed Rulemaking titled “Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers.”

Existing financial services (GLBA) regulatory guidance already requires supervised banking organizations to notify their primary federal regulators “as soon as possible” if they become aware of an incident involving unauthorized access to, or use of, sensitive customer information. However the existing requirements … Read more