Receive our newsletter – data, insights and analysis delivered to you
  1. News
November 19, 2021

US banking watchdogs finalise new rule on cyberattack reporting 

US federal bank regulatory agencies have finalised a new rule that requires banking firms to report cybersecurity incidents to the regulator within 36 hours of discovery.

The Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation and Office of the Comptroller of the Currency have approved the final rule.

In a joint release, the agencies said: “The final rule requires a banking organization to notify its primary federal regulator of any significant computer-security incident as soon as possible and no later than 36 hours after the banking organization determines that a cyber incident has occurred.”

Additionally, the lenders are required to inform the customers of affected organisations as well about the cybersecurity incident if it can impact them for four hours or longer.

The new rule is aimed at helping authorities mitigate the risks cyber incidents pose on the banking and financial system.

“This requirement will help promote early awareness of emerging threats to banking organizations and the broader financial system. This early awareness will help the agencies react to these threats before they become systemic,” the agencies added.

Meanwhile, the industry trade group Securities Industry and Financial Markets Association (SIFMA) said that it completed a global industry-wide cybersecurity exercise.

The exercise, called Quantum Dawn VI, simulated a ransomware attack to allow financial firms, central banks, and data sharing firms among others to rehearse their response in an event of a cyberattack.

SIFMA president and CEO Kenneth Bentsen said: “A clear takeaway from the exercise is the importance of a robust partnership between the industry and government grounded in information sharing. No single actor – not the government, nor any individual firm – has the resources to protect markets from cyber threats on their own, nor do cyber incidents restrict themselves to one geographic region.”

NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. A weekly roundup of the latest news and analysis, sent every Wednesday. The industry's most comprehensive news and information delivered every month.
I consent to GlobalData UK Limited collecting my details provided via this form in accordance with the Privacy Policy