FOR IMMEDIATE RELEASE:
Taproot Security Comments on Bank Security Incident Reporting Rule
Asks OCC to incentivize fully timely notifications
Saint Paul, MN, March 30, 2021 – Taproot Security submitted a formal comment letter to the US Office of the Comptroller of Currency (OCC) recommending banks be given adequate time and confidentiality to ensure detailed, actionable notifications. The proposed rule currently mandates a report within 36 hours of an incident and doesn't offer explicit confidentiality guarantees.
"I support transparency for bank security incidents," said Taproot Security founder Mike McCormick. "But the clock should start ticking only after the bank has a chance to confirm the incident, carry out emergency response procedures, and protect its customers. Requiring notification while the organization in the midst of crisis only creates distraction and less reliable information. Regulators must also keep information strictly confidential if it's going to be detailed and actionable."
About Taproot Security
Taproot Security is an information security consulting firm advising industry and government on cyber issues and policy. For more information, please visit http://www.taprootsecurity.com/.
To learn more about this announcement, please contact
Founder & President
Taproot Security, LLC
- END -