by Dr. David Jones

Did you know that banking institutions now have the shortest timeline of any industry to report security incidents? Well, it’s true! As of April 1, 2022, banking institutions have only a 36-hour window to notify regulators of security incidents. The Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve System (Board), and the Office of the Comptroller of the Currency (OCC) collaboratively agreed on this time frame. Read the FDIC Letter here.

So, what does that mean to you as a banking institution? It means that you must be well-versed in the reporting process to ensure that you meet that 36-hour timeline. At Vala Secure, we are appropriately updating incident response policies for our clients as well as running roundtable exercises to see if clients really could comply with this requirement. The toughest part is actually documenting an accurate statement that is approved by Executive Management, Board, and Legal, and then being able to send the statement to the affected consumers within the time requirement.

Oh…did I mention that there is also a 4-hour rule that requires banking institutions to report any downtime that impacts operations, such as a power outage, network outage, etc.? Within our business continuity planning process, we've been able to identify what materially affects banks and customers and when we would need to report our findings to regulators. This expertise gives peace of mind and decreases risk for our banking clients. Staying on top of changing regulatory compliance can be challenging, and having a trusted partner can help. Reach out to us at Vala Secure for more information or find out more about this process on our website.