The Office of the Comptroller of the Currency (the “OCC”), Treasury; the Board of Governors of the Federal Reserve System (the “Fed Board”); and the Federal Deposit Insurance Corporation (the “FDIC” and, collectively with the OCC and the Fed Board, the “Agencies”) issued a final rule detailing notification requirements for a “computer-security incident” that rises to the level of a “notification incident.” The new rule went into effect on April 1, 2022, with a compliance date of May 1, 2022. Given the recent history of computer-security incidents and their increase in severity in recent years in the banking industry, the Agencies believed that implementing a new breach notification rule was important to allow the Agencies to assess and respond to cyberattacks.
Continue Reading Final Rule Regarding Security Incident Notification Requirements: Time to Review Your Existing Procedures and Contracts