Our bank ran into an exam issue because we filed our first cyber event SAR. Our state examiners cited non-compliance with FIL-27-2005, which states "Notifying its primary regulator as soon as possible when the institution becomes aware of an incident involving unauthorized access to or use of sensitive customer information". Given that this was our first problem of this type, does anyone have any procedures that we might use to enhance our incident response plan? Also, given that this guidance is so old, has the standard "as soon as possible" changed? I think there was a recent letter outlining a possible change to a specific timeframe, due to the lengthier process for a SAR filing. Any information that is shared would help! Thank you.