The flexibility we enjoy in our lives has to be one of the greatest things about it. Even though some situations diminish it a little, the power we have in terms of formulating our actions is always present in some capacity. This has helped us in charting our own path, and it’s safe to say that we have made the most of it. Now, having such freedom is certainly a flat-out privilege, but it also notably brings some serious drawbacks to the fore. For instance, with nothing set in stone about how different individuals can use it, many have gone ahead and utilized the said power to fulfill unethical objectives. These events, as you can guess, proved to be devastating in every imaginable sense, hence we had to look for a fix, and the idea of dedicated regulation gave us just the right answer. By monitoring different activities, we effectively reduced the cases that contributed to an unhealthy environment within the concerned area. However, while the process looks fairly straightforward, it became somewhat complicated when technology appeared on the scene. The felons now had dramatically more advanced methods to get what they wanted. It rang true in a more severe sense too, as the game was no longer just about intentional evasion of the rules. Instead, we were now dealing with criminals who would use technology to cause mass-level disruption. The U.S. regulatory industry has finally turned its attention to such groups, and a recent announcement does everything to show the country’s resolve for cracking this cyber puzzle.
U.S. banking regulators have officially finalized a rule that makes it mandatory for banks to report any cybersecurity incidents within 36 hours of their discovery. The bank must also notify customers in a case where the disruption created by the incident lasts for more than 4 hours. It must be noted that the criteria for incident reporting include any situation that impacts a bank’s ability to provide services or conduct its core operations, or that hinders the stability of the financial sector as a whole. According to the details shared so far, the new rule is set to go into effect on 1st April, 2022, with the deadline to achieve full compliance falling on 1st May, 2022.
The rule has been in the pipeline for a while now. It was first proposed in December of last year, but following some negative feedback, it had to be amended. For instance, the original draft happened to be based heavily around “reporting in good faith”, which the evaluators adjudged to be unproductive. The amended rule, luckily, was able to bring a certain level of objectivity, eventually landing approval from the Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve System, and the Office of the Comptroller of the Currency (OCC).
“Cyber incident notification encourages early collaboration between regulators and banks so that regulators are made aware of circumstances that may have broader implications across the financial system while banks work to respond to, and investigate the incident,” said the Bank Policy Institute, one of the industry groups involved in the evaluation.