The three prudential bank regulators published Final Rules for Computer-Security Incident Notification Requirements (Final Rules) on November 23, 2021. The purpose of the Final Rules is to promote timely notification of computer-security incidents that materially and adversely affect an insured depository institution. The new rules apply to insured depository institutions and to bank service company providers performing covered services for financial institutions. The Final Rules take effect on April 1, 2022, with full compliance extended to May 1, 2022. Continue reading >