US regulators have released a Notice of Proposed Rulemaking (NPRM) that would oblige banking organizations and bank service providers in the country to adhere to more stringent reporting requirements for security incidents.
The rule would require notifications of any “computer-security incident” that rises to the level of a “notification incident” within 36 hours of the organizations discovering the incident.
The proposed regulation, entitled Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers (Proposed Rule), would also oblige bank service providers to notify at least two individuals “at affected banking organization customers” immediately after a security incident disrupts, degrades or impairs services for at least four hours.
The notice, released January 12 by the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (Board), and the Federal Deposit Insurance Corporation (FDIC), follows an increase in cyberattacks reported to federal law enforcement in the past years.
“These types of attacks may use destructive malware or other malicioussoftware to target weaknesses in the computers or networks of banking organizations supervised by the agencies,” the notice reads. “Some cyberattacks have the potential to alter, delete, or otherwise render a banking organization”s data and systems unusable. Depending on the scope of an incident, a banking organization”s data and system backups may also be affected, which can severely affect the ability of the banking organization to recover operations.”
The regulation also lists computer-security incidents that should be considered “notification incidents,” such as:
If the Proposed Rule passes, regulatory reporting obligations for banks and banking service providers will increase sharply, subjecting organizations to the most stringent federal incident reporting regulations to be implemented in the United States.
1 in 4 people is likely to be a victim of data breaches. Have you ever been exposed? Find out now with Bitdefender”s Digital Identity Protection.
tags
Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.
View all postsNovember 14, 2024
September 06, 2024