TOP STORY | Issue 48

US regulators order banks to report cyber-attacks within 36 hours


The Office of the Comptroller of the Currency (OCC), Board, and the FDIC have jointly announced that banks will be required to notify their primary federal regulator of any significant cyber-security incident as soon as possible, and no later than 36 hours after it has taken place.

The rule also requires banking service providers to notify affected customers as soon as possible, if it is deemed the incident could impact them for four or more hours.