New 36-Hour Deadline for Reporting Cyber Security & Ransomware Incidents

What do 36 hours, May 1, 2022, and computer security have in common? They are all elements of the new reporting requirement for cyber security and ransomware incidents. Will you be ready for the May 1 deadline?


  • Implement appropriate practices to discover computer-security occurrences and determine whether they rise to the level of a notification incident
  • Identify critical timing requirements
  • Explain when notification is required to a primary federal regulator and to the banking organization
  • Assess if contractual notification provisions are consistent and compliant with the new law
  • Define a computer-security incident
  • Meet the 36-hour notification requirement after a notification incident

Computer-security incidents targeting the financial services industry have increased in frequency and severity in recent years. In an effort to promote early awareness of emerging threats, banking organizations and bank service providers are now required to comply with mandatory reporting requirements effective May 1, 2022. Proper identification of a triggering incident and timely reporting are critical actions imposed by this final rule.

The reporting requirements expand beyond a cyberattack and include additional types of non-malicious failure of hardware and software, such as a widespread user outage for customers and bank employees. It’s critical that your financial institution understands the various types of incidents that may trigger the notification requirements and develops the appropriate policies and procedures to fulfill the new requirements of this recently issued mandatory rule. Don’t let the 36-hour clock expire without meeting the notification requirement. Join us to learn the details of the final rule and receive recommendations on policies and procedures to assist with mandatory compliance reporting requirements.

Attendance certificate provided to self-report CE credits.

This informative session would best suit compliance officers, information security officers, senior management, business continuity officers, and those responsible for oversight of critical third-party servicers.


  • Checklist to aid in making required notification decisions
  • Required notification record
  • Fact sheet explaining the critical components of the final rule
  • Employee training log
  • Interactive quiz

PRESENTER – Molly Stull, Brode Consulting Services, Inc.
Molly Stull began her career as a teller while working on her undergraduate degree and has continued working in the financial industry ever since. She has experienced the growth of a hometown bank, branch mergers, charter changes, name changes, etc. Stull has activated business resumption plans, performed secondary market quality control reviews, processed wires, filed SARs, and coordinated reviews with external auditors and examiners. Her favorite role has always been educating staff and strongly believes that if staff understands the reason for a process they will be more compelled to follow the procedures. Stull holds a bachelor’s from the University of Akron and an MBA from Ashland University.


  • $245 Live Webinar Access
  • $245 On-Demand Access + Digital Download
  • $320 Both Live & On-Demand Access + Digital Download


Jan 25 2022


2:00 pm - 3:00 pm



More Info