New 36-Hour Deadline for Reporting Cyber Security & Ransomware Incidents

On-Demand Webinar
StreamedJan 25, 2022Duration60 minutes
  • Unlimited & shareable access starting two business days after live stream
  • Available on desktop, mobile & tablet devices 24/7
  • Take-away toolkit
  • Ability to download webinar video
  • Presenter's contact info for questions
See Registration Options

What do 36 hours, May 1, 2022, and computer security have in common?

They are all elements of the new reporting requirement for cyber security and ransomware incidents. Will you be ready for the May 1 deadline?

  • Implement appropriate practices to discover computer-security occurrences and determine whether they rise to the level of a notification incident
  • Identify critical timing requirements
  • Explain when notification is required to a primary federal regulator and to the banking organization
  • Assess if contractual notification provisions are consistent and compliant with the new law
  • Define a computer-security incident
  • Meet the 36-hour notification requirement after a notification incident


Computer-security incidents targeting the financial services industry have increased in frequency and severity in recent years. In an effort to promote early awareness of emerging threats, banking organizations and bank service providers are now required to comply with mandatory reporting requirements effective May 1, 2022. Proper identification of a triggering incident and timely reporting are critical actions imposed by this final rule.

The reporting requirements expand beyond a cyberattack and include additional types of non-malicious failure of hardware and software, such as a widespread user outage for customers and bank employees. It’s critical that your financial institution understands the various types of incidents that may trigger the notification requirements and develops the appropriate policies and procedures to fulfill the new requirements of this recently issued mandatory rule. Don’t let the 36-hour clock expire without meeting the notification requirement. Join us to learn the details of the final rule and receive recommendations on policies and procedures to assist with mandatory compliance reporting requirements.


This informative session would best suit compliance officers, information security officers, senior management, business continuity officers, and those responsible for oversight of critical third-party servicers.


  • Checklist to aid in making required notification decisions
  • Required notification record
  • Fact sheet explaining the critical components of the final rule
  • Employee training log
  • Interactive quiz
  • PDF of slides and speaker’s contact info for follow-up questions
  • Attendance certificate provided to self-report CE credits.

All materials are subject to copyright. Transmission, retransmission, or republishing of any webinar to other institutions or those not employed by your financial institution is prohibited. Print materials may be copied for eligible participants only.

Presented By

Molly StullMolly Stull
Brode Consulting Services, Inc.