FDIC Releases New Cybersecurity Rule
In case you missed it with the past busy holiday season, the Federal Deposit Insurance Corporation (FDIC) released FIL-74-2021, titled “Computer-Security Incident Notification Final Rule.”
The FDIC, Board of Governors of the Federal Reserve System, and the Office of the Comptroller of the Currency issued the joint final rule to establish computer-security incident notification requirements for banking organizations and their bank service providers. The most significant requirement is that all FDIC-supervised banking organizations will be required to notify the FDIC as soon as possible and no later than 36 hours after the banking organization determines that a computer-security incident that rises to the level of a notification incident has occurred. The banking organization must provide this notification to the appropriate FDIC supervisory office, or an FDIC-designated point of contact, through email, telephone, or other similar methods that the FDIC may prescribe.
The final rule takes effect on April 1, 2022, with full compliance extended to May 1, 2022.
A copy of the final rule can be found on the FDIC’s website.
The FDIC FIL can be found here.
If you have any questions about this new rule or want to discuss how we can help improve your cybersecurity program, please reach out to your BKD Trusted Advisor™ or submit the Contact Us form below.