On December 15, 2020, the Office of the Comptroller of the Currency, the Federal Reserve Board, and the Federal Deposit Insurance Corporation issued a notice of proposed rulemaking that would require substantially faster notification of cybersecurity incidents involving banking organizations, expand the list of triggering events, and impose first-of-its kind notification requirements for bank service providers.  Banking organizations and their service providers should consider reviewing their incident response plans for compliance with the proposed rule and should consider commenting on the proposal.  Comments are due 90 days after publication in the Federal Register, which is expected soon.

If you have any questions regarding the matters covered in this publication, please reach out to any of the lawyers listed below or your usual Davis Polk contact.

This communication, which we believe may be of interest to our clients and friends of the firm, is for general information only. It is not a full analysis of the matters presented and should not be relied upon as legal advice. This may be considered attorney advertising in some jurisdictions. Please refer to the firm's privacy notice for further details.

Related materials

Read the full update
Copy link to share post