Can you summarize 12 CFR Part 53?
COMPTROLLER OF THE CURRENCY, DEPARTMENT OF THE TREASURY > COMPUTER-SECURITY INCIDENT NOTIFICATION
Short Summary
This document governs the computer-security incident notification requirements for banking organizations, including national banks, Federal savings associations, Federal branches or agencies of foreign banks, and bank service providers. It defines terms such as banking organization, bank service provider, business line, computer-security incident, covered services, designated financial market utility, notification incident, and person. The document requires banking organizations to notify the appropriate OCC supervisory office or OCC-designated point of contact about a notification incident as soon as possible and no later than 36 hours after the banking organization determines that a notification incident has occurred. Bank service providers are also required to notify affected banking organization customers as soon as possible in the event of a computer-security incident that has materially disrupted or degraded covered services provided to the banking organization for four or more hours. The designated point of contact can be an email address, phone number, or any other contact previously provided by the banking organization customer. The notification requirement does not apply to scheduled maintenance, testing, or software updates previously communicated to a banking organization customer. The document does not specify penalties for non-compliance or violation of its provisions.
Whom does it apply to?
National banks, Federal savings associations, Federal branches and agencies of foreign banks, and bank service providers
What does it govern?
Computer-security incident notification requirements for banking organizations
What are the exemptions?
Designated financial market utilities
What are the penalties?
The document does not specify penalties for non-compliance or violation of its provisions.
Jurisdiction
U.S. Federal Government