Cyberattack must be reported by banks in 36 hours as per new US policy

December 24, 2021

The US federal bank regulatory agencies have recently approved a new policy requiring banks to notify their federal regulators of major cyberattack events within 36 hours. Banks are required to report only significant cyberattacks, those that have affected or will possibly affect their transactions, operation, stability, or delivery of banking products or services.

Moreover, bank service providers will have to notify their clients as soon as possible if a cyberattack has occurred or will probably cause problems for their clients for four or more hours. Examples of incidents that banks must report under the new rule include wide-ranging denial-of-service attacks that can affect customer account access to banking services, or computer hijacking incidents that may take down banking operations.

The Computer-Security Incident Notification Final Rule explains that cybersecurity incidents resulting from destructive malware, malicious software, personnel errors, and other causes should be reported by banks immediately.

 

The increasing number of cyberattack events in recent years prompted the US government to develop this new rule.

 

The US government expects all banks to be in compliance by May 2022. The rule, recently proposed and approved by the FDIC, the Board of Governors of the Federal Reserve System, and the OCC, will be effective at the start of April 2022, with full compliance of every bank by May 2022. This new rule on cyberattack reporting was developed to boost banking supervisors' awareness of emerging trends that will cause damage to financial organisations and will help the US financial system broaden.

In addition, this reporting rule will help regulatory agencies react more quickly to the increasing number of threats against banking institutions. The Chairman of the FDIC stated that this final rule seeks to allow banking supervisors to be more informed of the most significant cyberattacks today. Moreover, the law does not require an assessment from the attending supervisor, only that the information be relayed more quickly and efficiently.

Today, the United States government is expecting the full cooperation of every financial institution inside its territory to mitigate and decrease all forms of cyberattack that affect its entire economic situation.
