US banking regulators promulgate a final rule for 36-hour notice of breach

By David Kessler (US), David Kitchen (US), Tim Byrne (US) and Susan Ross (US) on November 23, 2021 Posted in Data breach

On November 18, 2021, the US federal banking regulators Office of the Comptroller of the Currency, Federal Reserve Board and Federal Deposit Insurance Corporation jointly announced a final rule that will require banking organizations (which includes the U.S. operations of foreign banking organizations) to notify their regulators as soon as possible but no later than 36 hours of … Continue reading

Hong Kong Monetary Authority Announces Enhanced Competency Framework on Cybersecurity

By Anna Gamvros and Ruby Kwok (HK) on December 27, 2016 Posted in Regulatory response

Data Protection Report - Norton Rose Fulbright

On 19 December 2016, the Hong Kong Monetary Authority (“HKMA”) announced the launch of the Enhanced Competency Framework on Cybersecurity (“ECF-C”).… Continue reading

Federal Financial Institutions Examination Council issues Cybersecurity Assessment Tool to evaluate cybersecurity risks and preparedness

By on July 19, 2015 Posted in Regulatory response

On June 30, 2015, the Office of the Comptroller of Currency (“OCC”) announced that the Federal Financial Institutions Examination Council (“FFIEC”) issued a Cybersecurity Assessment Tool that would allow institutions to evaluate their risks and cybersecurity preparedness in OCC Bulletin 2015-31. … Continue reading