Federal Deposit Insurance Corporation January 12, 2021 – Federal Register Recent Federal Regulation Documents
Results 1 - 2 of 2
Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers
The OCC, Board, and FDIC (together, the agencies) invite comment on a notice of proposed rulemaking (proposed rule or proposal) that would require a banking organization to provide its primary federal regulator with prompt notification of any ``computer-security incident'' that rises to the level of a ``notification incident.'' The proposed rule would require such notification upon the occurrence of a notification incident as soon as possible and no later than 36 hours after the banking organization believes in good faith that the incident occurred. This notification requirement is intended to serve as an early alert to a banking organization's primary federal regulator and is not intended to provide an assessment of the incident. Moreover, a bank service provider would be required to notify at least two individuals at affected banking organization customers immediately after the bank service provider experiences a computer-security incident that it believes in good faith could disrupt, degrade, or impair services provided for four or more hours.
FDIC Rules of Practice and Procedure; Technical Revisions
The Federal Deposit Insurance Corporation (FDIC) is amending its rules of practice and procedure to codify the agency's longstanding practice of having certain adjudicative functions performed by an inferior officer of the United States appointed by the FDIC's Board of Directors (Board). Additionally, the FDIC is making other technical edits to its rules of practice and procedure to update references to certain positions within the FDIC Legal Division whose titles are outdated.