Summary of the Cyber Incident Notification Rule 2022
On 11/18/21, the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (Board), and the Federal Deposit Insurance Corporation (FDIC) issued a final rule that requires a banking organization to notify its primary Federal regulator of any “computer-security incident” that rises to the level of a “notification incident,” as soon as possible and no later than 36 hours after the banking organization determines that a notification incident has occurred. The final rule also requires a bank service provider to notify each affected banking organization customer as soon as possible when the bank service provider determines that it has experienced a computer-security incident that has caused, or is reasonably likely to cause, a material service disruption or degradation for four or more hours.
The final rule is effective on April 1, 2022, and compliance with it is required by May 1, 2022.
The Interagency Statement can be found at:
The following text in this chapter is based on the interagency release.
A full overview of the Cyber Incident Notification Rule can be found here.