Federal banking regulators on Thursday approved a final rule that will streamline the sharing of information about cybersecurity threats and incidents that could affect the U.S. banking system, according to a announcement by the United States Office of the Comptroller of the Currency.
The new rule “requires a banking organization to notify its lead federal regulator of any significant IT security incident as soon as possible and no later than 36 hours after the banking organization determines that a cyber incident has occurred.” , according to the ad.
Branches must file notifications for incidents that “have materially affected – or are reasonably likely to materially affect – the viability of a banking organization’s operations, its ability to provide banking products and services, or the stability of the financial sector. », Says the ad.
The notice adds that banking service providers should notify customers “as soon as possible when the provider determines that they have experienced an IT security incident that has materially affected or is reasonably likely to materially affect the organization’s customers. banking for four hours or more “.
Agencies must comply with the final rule by May 1, 2022.
Related: Lawmakers could ban ransomware payments from private companies
Senator Gary Peters of Michigan, chairman of the Senate Homeland Security Committee, told a Washington Post Live event last month that Congress is “not closing the door” on banning ransomware payments, citing a $ 100 million response and recovery fund in the bipartisan infrastructure bill debated this summer.
The FBI says companies shouldn’t pay ransom to fraudsters who hack into computer networks, but private companies have been allowed to make the payments if they choose.
In June, President Joe Biden met with Russian President Vladimir Putin and pushed for a crackdown on what Biden called Russia-based cybercrime. Biden said critical infrastructure should not be the target of ransomware attacks.
The Biden administration also hosted 30 leaders from around the world at a virtual global summit to fight ransomware in October.
The US Treasury Department said US banks recorded around $ 600 million in suspected ransomware payments during the first half of 2021, more than 2020 as a whole.
Read also: Senator denounces crypto’s ‘anonymity’ in crimes, calls on government to act
In September, Senator Maggie Hassan of New Hampshire, a member of the Senate Committee on Homeland Security and Government Affairs, said the increase in ransomware and similar cyber attacks over the past year had been aided by anonymity of cryptocurrency.