The new Computer-Security Incident Notification Rule (36-Hour Rule) was created by the FDIC to require reporting obligations for ‘bank service providers’ who experience a ‘computer-security incident,’ effective May 1, 2022.

Compliance Systems does not fall under the definition of a ‘bank service provider’ and therefore, is not subject to this rule.

Notification requirements and processes for security-related incidents are detailed in Compliance Systems’ annual SOC 2 reports.