Regulators from the Department of the Treasury's Office of the Comptroller of the Currency, the Federal Reserve, and the Federal Deposit Insurance Corp., say that effective April 1, 2022 - with full compliance extended to May 1, 2022 - banking organizations must provide incident notification to the appropriate FDIC supervisory office or an FDIC-designated point of contact, within a day and a half. |
"As technology has evolved, so have the cybersecurity risks with which banks must grapple," said FDIC Chairman Jelena McWilliams in a statement. "The final rule … addresses a gap in timely notification to the banking agencies of the most significant computer-security incidents affecting banking organizations, allowing the FDIC and our fellow banking supervisors to be better positioned to understand and to respond to cybersecurity threats across the banking sector." |