On May 25, 2022, the Review of Banking & Financial Services published an article on the recently issued banking agencies’ Final Rule on Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers (the “Final Rule”). The Final Rule went into effect on April 1, 2022 and required banking organizations, as well as certain banking service providers, to comply by May 1, 2022. Importantly, on March 29, 2022, the banking agencies each issued guidance to their supervisory institutions regarding logistics for notification. The article, titled The Banking Agencies’ Final Rule on Computer-Security Incident Notification Requirements, was authored by Avi Gesser, Johanna Skrzypczyk, Michael R. Roberts, Courtney Bradford Pike and Andres Gutierrez.

The article discusses key aspects of the Final Rule, including:

• Important Definitions and Goals of the Banking Agencies;
• Updating Incident Response Plans for Compliance with the Final Rule;
• Computer-Security Incident Notification Requirements for Banking Organizations and Bank Service Providers; and
• Service Provider Relationships.

You can read the full article here.