Rule requires banks report significant ‘computer-security incidents’ within 36 hours
By 
Aaron Nicodemus2021-11-19T21:15:00
Federal banking regulators issued a rule that requires financial institutions to notify their regulator within 36 hours of a “computer-security incident” that materially affects their operation, ability to deliver services, or the stability of the financial sector.
Related articles
-
ArticleFINRA notice outlines key areas for supervising third parties
The Financial Industry Regulatory Authority issued a notice on compliance deficiencies arising from firms’ relationships with vendors culled from examination findings.
-
ArticleTakeaways from NYDFS ransomware guidance
The New York State Department of Financial Services has issued guidance for regulated entities describing best practices for reducing the risk of a ransomware attack.
-
ArticleNYDFS regulation a best-practices model for cyber-security training
Companies must make cyber-security a continuous priority as threats evolve, often more quickly than the technology and regulations to counter them. That’s why the New York Department of Financial Services, under Maria Vullo, developed a policy that should act as a model for organizations.
More from Regulatory Policy
-
PremiumEU moves to simplify GDPR and AI Act obligations, raising compliance questions for companies
For the past decade, Europe has led in creating strong but flexible rules for data use and safe AI development. The EU’s new plans to simplify key data privacy and AI governance measures have received a mixed response.
-
News BriefSEC exam priorities for 2026 signal heightened focus on firmwide compliance
The U.S. Securities and Exchange Commission’s (SEC) Division of Examinations released its 2026 examination priorities, which give companies a roadmap of areas of heightened risk and regulatory focus for next year.
-
ArticlePharma sector boom puts pressure on compliance to counter financial crime
Regulation is a matter of life and death in the pharmaceutical industry. Rules to combat practices that can kill have been in force for decades, but tech developments are rapidly creating new risks and focusing lawmakers’ attention on areas where some compliance teams may lack experience.