View Rule

View EO 12866 Meetings Printer-Friendly Version     Download RIN Data in XML

FRS RIN: 7100-AG06 Publication ID: Fall 2021 
Title: Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers--(Docket No: R-1736) 

The Office of the Comptroller of the currency, the Board of Governors of the Federal Reserve System, and Federal Deposit Insurance Corporation (together, the Agencies) invite comment on a notice of proposed rulemaking (proposed rule or proposal) that would require a banking organization to provide its primary federal regulator with prompt notification of any computer-security incident” that rises to the level of a notification incident.” The proposed rule would require such notification upon the occurrence of a notification incident as soon as possible and no later than 36 hours after the banking organization believes in good faith that the incident occurred. This notification requirement is intended to serve as an early alert to a banking organization's primary federal regulator and is not intended to provide an assessment of the incident. Moreover, a bank service provider would be required to notify at least two individuals at affected banking organization customers immediately after the bank service provider experiences a computer-security incident that it believes in good faith could disrupt, degrade, or impair services provided for four or more hours.

Agency: Federal Reserve System(FRS)  Priority: Substantive, Nonsignificant 
RIN Status: Previously published in the Unified Agenda Agenda Stage of Rulemaking: Proposed Rule Stage 
Major: No  Unfunded Mandates: No 
CFR Citation: 12 CFR 225   
Legal Authority: 12 U.S.C. 321    12 U.S.C. 1467    12. U.S.C. 5365    12 U.S.C. 322    ...   
Legal Deadline:  None
Action Date FR Cite
Board Requested Comment  01/12/2021 
Board Expects Further Action  12/00/2021 
Regulatory Flexibility Analysis Required: No  Government Levels Affected: None 
Federalism: No 
Included in the Regulatory Plan: No 
RIN Data Printed in the FR: No 
Agency Contact:
Nida Davis
Associate Director
Federal Reserve System
Division of Supervision and Regulation,
Washington, DC 20551
Phone:202 872-4981

Julia Philipp
Lead Financial Institution Cybersecurity Policy Analyst
Federal Reserve System
Division of Supervision and Regulation,
Washington, DC 20551
Phone:202 973-5059

Jay Schwarz
Assistant General Counsel
Federal Reserve System
Legal Division,
Washington, DC 20551
Phone:202 452-2970