Federal banking agencies issued a proposal that would require banks to promptly notify their primary federal regulator after a computer security incident. Alerts would be required for incidents that could result in a bank's inability to deliver services, jeopardize viability, or affect financial stability.
The proposed rule would require notification as soon as possible and no later than 36 hours after an organization determines an incident has occurred. It also would require service providers to notify affected banking organizations immediately when they experience computer security incidents that materially affect certain services.