‘Ask the regulators’ session set on computer-security incident notification rule

A final rule on computer-security incident notification will be the subject of an “Ask the Regulators” webinar set for April 28, federal banking regulators said Wednesday.

The final rule, adopted last November, is meant to improve the sharing of information about cyber incidents that may affect the banking system. It takes effect May 1.

The April 28 webinar, scheduled to start at 2 p.m. ET, will allow the agencies to respond to questions submitted in advance from banks and their service providers. Questions may be emailed, in advance, to asktheregulators@stls.frb.org. The agencies said questions submitted by April 20 (a week from today) will receive priority for responses from the panelists.

The final rule requires bank service providers to notify any affected agency-supervised banking organization customer as soon as possible when the service provider finds it has experienced a computer-security incident that has “materially disrupted or degraded, or is reasonably likely to materially disrupt or degrade, services provided to such banking organization for four or more hours.”

As for banks, in the case of an FDIC-supervised institution, a bank can comply with the rule by reporting an incident to the institution’s regulatory case manager, who serves as the primary FDIC contact for all supervisory-related matters, or to any member of an FDIC examination team if the event occurs during an examination.

FDIC to Participate in an Ask the Regulators Webinar on the Computer-Security Incident Notification Rule