Our Website Uses Cookies 


We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website.


For more information, please contact us or consult our Privacy Notice.

Your binder contains too many pages, the maximum is 40.

We are unable to add this page to your binder, please try again later.

This page has been added to your binder.

Cyber Incident Notification Requirements for Banking Organizations and Service Providers – Proposed Rule

December 18, 2020, Covington Alert

On December 18, 2020, the Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System, and Federal Deposit Insurance Corporation issued a notice of proposed rulemaking requiring a banking organization to notify its primary federal regulator within 36 hours of a significant cybersecurity incident and requiring a bank service provider to notify at least two individuals at an affected banking organization customer of a significant cybersecurity incident that could disrupt services for four or more hours. The proposed rule’s notification requirement is intended to provide an early alert to the banking organization’s regulator of emerging threats to the banking organization and the broader financial system.

Share this article: