Skip over FOIA navigation

Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers [R-1736]

The OCC, Board, and FDIC (together, the agencies) invite comment on a notice of proposed rulemaking (proposed rule or proposal) that would require a banking organization to provide its primary federal regulator with prompt notification of any "computer-security incident" that rises to the level of a "notification incident." The proposed rule would require such notification upon the occurrence of a notification incident as soon as possible and no later than 36 hours after the banking organization believes in good faith that the incident occurred.

This proposal has been archived and there are no comments available for viewing at this time.

Last update: July 12, 2022