US banks to report cybersecurity incidents within 36 hours

US banks will now have to report significant cybersecurity incidents to the government within 36 hours, according to sources reported by Bloomberg.

The news comes as banks in the UK are also facing scrutiny from regulators regarding the quality of their cyber defences.

A Bank of England (BoE) backed project set to test the IT resilience of the UK’s financial services (FS) sector was opened to FS firms of all sizes in October, according to sources reported by the Financial Times.


The US rule will apply to incidents expected to materially impact a bank's ability to conduct its operations, or which could impact the stability of the financial sector according to the sources.

Previously, there were no specific laws in the US governing how quickly banks needed to report cyber incidents.

The rule, approved by the Federal Reserve, Federal Deposit Insurance Corporation, and Office of the Comptroller of the Currency, issued on Thursday is set to come into effect on May 1.

The sources said the new rule will also impact third parties who provide services to banks.

    Share Story:

Recent Stories


Banking's GenAI evolution: Beyond the hype, building the future
In the first episode of a three-part video podcast series sponsored by HCLTech, Sudip Lahiri, Executive Vice President & Head of Financial Services for Europe & UKI at HCLTech explores how financial institutions can navigate the transformative potential of Generative AI while building lasting foundations for innovation.

Beyond compliance: Transforming document management into a strategic advantage for financial institutions
In this exclusive fireside chat, John Rockliffe, Pre-Sales Manager at d.velop, discusses the findings of Adapting to a Digital-Native World: Financial Services Document Management Beyond 2025 and explores how FSIs can turn document workflows into a competitive advantage.

Sanctions evasion in an era of conflict: Optimising KYC and monitoring to tackle crime
The ongoing war in Ukraine and resulting sanctions on Russia, and the continuing geopolitical tensions have resulted in an unprecedented increase in parties added to sanctions lists.

Achieving operational resilience in the financial sector: Navigating DORA with confidence
Operational resilience has become crucial for financial institutions navigating today's digital landscape riddled with cyber risks and challenges. The EU's Digital Operational Resilience Act (DORA) provides a harmonised framework to address these complexities, but there are key factors that financial institutions must ensure they consider.