The Banking Agencies’ Final Rule on Computer-Security Incident Notification Requirements
Author: Avi Gesser.; Johanna Skrzypczyk.; Michael R. Roberts.; Courtney Bradford Pike.; Andres Gutierrez.
Source: Volume 38, Number 05, May 2022 , pp.35-42(8)
next article > |return to table of contents
Abstract:
Responding to the increasing frequency and severity of cyberattacks on the financial services industry, the federal banking agencies have issued a final rule regarding required notifications of such attacks. The authors discuss the rule in detail, beginning with the Agencies’ stated goals and key definitions in the rule. They then turn to updating incident response plans for compliance, incident notification requirements, and issues surrounding service provider contacts and contracts.Keywords: Final Rule on Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers
Affiliations:
1: Debevoise & Plimpton LLP; 2: Debevoise; 3: Debevoise; 4: Debevoise; 5: Debevoise.