On Thursday 18th of November 2021, US federal bank regulatory agencies approved a new rule that requires banks to notify their primary federal regulators of significant computer-security incidents within 36 hours. Currently, banks are only required to report major cyberattacks if they have impacted or will likely impact their operations, the ability to deliver banking products and services, or the US financial sector’s stability.
This rule follows an observed increase in cyberattacks targeting the financial services industry, where these attacks can have a major impact on banking organizations’ networks, data, and systems, and ultimately on their ability to resume normal operations. The final rule will take effect on April 1, 2022, with full compliance extended to May 1, 2022.
The goal of this new rule is to improve banking organisations’ awareness of emerging cyber threats to the US financial system, which in turn will help the federal bank regulatory agencies react to increasing and accumulating threats before they become a major problem for the US financial system. If signed into law, this newly introduced bill will require US financial organisations that experience ransomware attacks to notify the Director of the Treasury Department’s Financial Crimes Enforcement Network with details on the attack and associated ransom demands.
© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.