Feds Finalize Curbed Cyber Incident Reporting Rule For Banks

By Ben Kochman (November 19, 2021, 9:15 PM EST) -- Federal regulators have finalized a rule that will require U.S. banks to alert authorities about confirmed cybersecurity episodes within 36 hours, using a new narrowed definition of a cybersecurity "incident" after industry lobbyists criticized an initial draft.

In a joint notice published Thursday, the Federal Reserve, Federal Deposit Insurance Corp. and Office of the Comptroller of the Currency called for banks, starting in May 2022, to alert their primary federal regulator within 36 hours of learning about cybersecurity incidents that cause "actual harm" to the "confidentiality, integrity, or availability" of their computer networks.

Regulators said the rule is intended to allow...

Stay ahead of the curve

In the legal profession, information is the key to success. You have to know what’s happening with clients, competitors, practice areas, and industries. Law360 provides the intelligence you need to remain an expert and beat the competition.

  • Access to case data within articles (numbers, filings, courts, nature of suit, and more.)
  • Access to attached documents such as briefs, petitions, complaints, decisions, motions, etc.
  • Create custom alerts for specific article and case topics and so much more!


Hello! I'm Law360's automated support bot.

How can I help you today?

For example, you can type:
  • I forgot my password
  • I took a free trial but didn't get a verification email
  • How do I sign up for a newsletter?
Ask a question!