/regulation & compliance

News and resources on regulation, compliance, legal and governance issues for banks and fintechs.

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

US banks ordered to report cyber incidents within 36 hours

US regulators have approved a new rule that requires banks to report any "significant" computer security incident within 36 hours of discovering it.

  5 Be the first to comment

US banks ordered to report cyber incidents within 36 hours

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Banks must inform their primary federal regulator within the timeframe for incidents that have materially affected — or are reasonably likely to materially affect — the viability of their operations, their ability to deliver products and services, or the stability of the financial sector.

In addition, banks must notify customers as soon as possible if the incident has, or is reasonably likely to, materially affected these users for four or more hours.

Banks have to be compliant with the rule - which has been approved by the Federal Reserve, FDIC and OCC - by 1 May 2022.

Sponsored [Webinar] PREDICT 2025: The Future of Faster Payments in the US
 

Share

3
5
1
 
 

Related Company

Federal Deposit Insurance Corporation Federal Reserve Board Office of the Comptroller of the Currency

Channels

/regulation & compliance /retail banking /security /wholesale banking

Comments: (0)

Related news

US banks put on red alert as Iran crisis deepens

[On-Demand Webinar] PREDICT 2025: The Future of AI in the USFinextra Promoted[On-Demand Webinar] PREDICT 2025: The Future of AI in the US

Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.

Please read our Privacy Policy.

Accept