Brad Neighbors, partner in the Birmingham office and member of the Financial Services Practice, shared insights in an article published by the Birmingham Business Journal discussing recent changes in cybersecurity rules for banks. Beginning April 1, all U.S. banking organizations will be required to report any significant cybersecurity incidents to federal regulators within 36 hours of their occurrence.
In the article, Brad explained that previous banking rules required that only incidents involving unauthorized access to sensitive customer information be reported. He also shared that with the updated rule, banking institutions will need to “report incidents that disrupt or degrade their operations, prevent customers from accessing their accounts or that affect the financial sector’s stability.”
Brad indicated that banks may struggle at first to determine which incidents require reporting. To reduce potential confusion, he suggested that banks carefully review their policies and procedures, ensure that proper plans for compliance are in place, and potentially designate a specific individual to notify regulators.
Brad counsels financial institutions in all aspects of the financial services industry, including regulatory compliance, vendor risk management, corporate governance, mergers and acquisitions and new bank formation. He has a wide range of financial institution clients, from community banks to large regional banks. He also has clients who are non-bank financial institutions, such as credit unions, finance companies or other businesses that are not typically considered financial institutions but offer in-house financing for their own goods and services.