A new proposed federal rule, “Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers,” could impose accelerated notification requirements on banking organizations and their service providers when notification incidents (as defined in the proposed rule) occur.

The Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System, and the Federal Deposit Insurance Corporation (FDIC) issued the rule on January 12, 2021. The rule’s comment period concluded April 12.

The issuing agencies argue that the adoption of this proposed rule would support their missions by, among other things, requiring that agencies have earlier notice of emerging threats to individual banking organizations and the broader financial system. This notice may help limit losses in the event of significant data security incidents.

 Our recent client alert explains the new obligations under the proposed rule and their effects on banking organizations.