{"abstract":"The OCC, Board, and FDIC are issuing a final rule that requires a banking organization to notify its primary Federal regulator of any ``computer-security incident'' that rises to the level of a ``notification incident,'' as soon as possible and no later than 36 hours after the banking organization determines that a notification incident has occurred. The final rule also requires a bank service provider to notify each affected banking organization customer as soon as possible when the bank service provider determines that it has experienced a computer-security incident that has caused, or is reasonably likely to cause, a material service disruption or degradation for four or more hours.","action":"Final rule.","agencies":[{"raw_name":"DEPARTMENT OF THE TREASURY","name":"Treasury Department","id":497,"url":"https://www.federalregister.gov/agencies/treasury-department","json_url":"https://www.federalregister.gov/api/v1/agencies/497","parent_id":null,"slug":"treasury-department"},{"raw_name":"Office of the Comptroller of the Currency","name":"Comptroller of the Currency","id":80,"url":"https://www.federalregister.gov/agencies/comptroller-of-the-currency","json_url":"https://www.federalregister.gov/api/v1/agencies/80","parent_id":497,"slug":"comptroller-of-the-currency"},{"raw_name":"FEDERAL RESERVE SYSTEM","name":"Federal Reserve System","id":188,"url":"https://www.federalregister.gov/agencies/federal-reserve-system","json_url":"https://www.federalregister.gov/api/v1/agencies/188","parent_id":null,"slug":"federal-reserve-system"},{"raw_name":"FEDERAL DEPOSIT INSURANCE CORPORATION","name":"Federal Deposit Insurance Corporation","id":164,"url":"https://www.federalregister.gov/agencies/federal-deposit-insurance-corporation","json_url":"https://www.federalregister.gov/api/v1/agencies/164","parent_id":null,"slug":"federal-deposit-insurance-corporation"}],"body_html_url":"https://www.federalregister.gov/documents/full_text/html/2021/11/23/2021-25510.html","cfr_references":[{"chapter":null,"citation_url":null,"part":53,"title":12},{"chapter":null,"citation_url":null,"part":225,"title":12},{"chapter":null,"citation_url":null,"part":304,"title":12}],"citation":"86 FR 66424","comment_url":null,"comments_close_on":null,"correction_of":null,"corrections":[],"dates":"Effective date: April 1, 2022; Compliance date: May 1, 2022.","disposition_notes":null,"docket_ids":["Docket ID OCC-2020-0038","Docket No. R-1736"],"dockets":[],"document_number":"2021-25510","effective_on":"2022-04-01","end_page":66444,"executive_order_notes":null,"executive_order_number":null,"explanation":null,"full_text_xml_url":"https://www.federalregister.gov/documents/full_text/xml/2021/11/23/2021-25510.xml","html_url":"https://www.federalregister.gov/documents/2021/11/23/2021-25510/computer-security-incident-notification-requirements-for-banking-organizations-and-their-bank","images":{},"images_metadata":{},"json_url":"https://www.federalregister.gov/api/v1/documents/2021-25510?publication_date=2021-11-23","mods_url":"https://www.govinfo.gov/metadata/granule/FR-2021-11-23/2021-25510/mods.xml","not_received_for_publication":null,"page_length":21,"page_views":{"count":28186,"last_updated":"2026-04-03 22:15:03 -0400"},"pdf_url":"https://www.govinfo.gov/content/pkg/FR-2021-11-23/pdf/2021-25510.pdf","presidential_document_number":null,"proclamation_number":null,"public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2021-25510.pdf?1637588737","publication_date":"2021-11-23","raw_text_url":"https://www.federalregister.gov/documents/full_text/text/2021/11/23/2021-25510.txt","regulation_id_number_info":{"3064-AF59":{"issue":"202110","html_url":"https://www.federalregister.gov/regulations/3064-AF59/computer-security-incident-notification-requirements-for-banking-organizations-and-their-bank-servic","title":"Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers","xml_url":"http://www.reginfo.gov/public/do/eAgendaViewRule?pubId=202110&RIN=3064-AF59&operation=OPERATION_EXPORT_XML","priority_category":"Substantive, Nonsignificant"},"7100-AG06":{"issue":"202110","html_url":"https://www.federalregister.gov/regulations/7100-AG06/computer-security-incident-notification-requirements-for-banking-organizations-and-their-bank-servic","title":"Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers--(Docket No: R-1736)","xml_url":"http://www.reginfo.gov/public/do/eAgendaViewRule?pubId=202110&RIN=7100-AG06&operation=OPERATION_EXPORT_XML","priority_category":"Substantive, Nonsignificant"},"1557-AF02":{"issue":"202110","html_url":"https://www.federalregister.gov/regulations/1557-AF02/computer-security-incident-notification-requirements-for-banking-organizations-and-their-bank-servic","title":"Computer-Security Incident Notification Requirements for Banking Organizations and their Bank Service Providers","xml_url":"http://www.reginfo.gov/public/do/eAgendaViewRule?pubId=202110&RIN=1557-AF02&operation=OPERATION_EXPORT_XML","priority_category":"Substantive, Nonsignificant"}},"regulation_id_numbers":["1557-AF02","3064-AF59","7100-AG06"],"regulations_dot_gov_info":{"supporting_documents":[],"comments_count":0,"agency_id":"OCC","comments_url":"https://www.regulations.gov/docketBrowser?rpp=50&so=DESC&sb=postedDate&po=0&dct=PS&D=OCC-2020-0038","supporting_documents_count":0,"docket_id":"OCC-2020-0038","document_id":"OCC-2020-0038-0026","regulation_id_number":null,"title":"Computer Security Incident Notification","checked_regulationsdotgov_at":"2021-12-07T04:30:09Z"},"regulations_dot_gov_url":null,"significant":false,"signing_date":null,"start_page":66424,"subtype":null,"title":"Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers","toc_doc":"Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers","toc_subject":null,"topics":["Administrative practice and procedure","Bank deposit insurance","Banks, banking","Banks, banking","Banks, banking","Banks, banking","Freedom of information","Holding companies","National banks","Reporting and recordkeeping requirements","Savings associations"],"type":"Rule","volume":86}