Banks must report major cyberattacks to regulators within 36 hours if the incident is likely to disrupt their business, according to a new rule from U.S. regulators.
Any “computer security incident” that threatens a lender’s operations, services to customers or the stability of the financial system has to be disclosed to the bank’s primary government watchdog, according to a rule issued on Thursday that is set to go live on May 1.
The regulation, approved by the
Learn more about Bloomberg Law or Log In to keep reading:
See Breaking News in Context
Bloomberg Law provides trusted coverage of current events enhanced with legal analysis.
Already a subscriber?
Log in to keep reading or access research tools and resources.