TAPROOT SECURITY®
Cybersecurity Consulting
FOR IMMEDIATE RELEASE:
Taproot Security Comments on Bank Security Incident Reporting Rule
Asks OCC to incentivize fully timely notifications
Saint Paul, MN, March 30, 2021 – Taproot Security submitted a formal comment letter to the US Office of the Comptroller of Currency (OCC) recommending banks be given adequate time and confidentiality to ensure detailed, actionable notifications. The proposed rule currently mandates a report within 36 hours of an incident and doesn't offer explicit confidentiality guarantees.
"I support transparency for bank security incidents," said Taproot Security founder Mike McCormick. "But the clock should start ticking only after the bank has a chance to confirm the incident, carry out emergency response procedures, and protect its customers. Requiring notification while the organization in the midst of crisis only creates distraction and less reliable information. Regulators must also keep information strictly confidential if it's going to be detailed and actionable."
The full text of the proposed OCC rule is here. Taproot Security comments are publicly available here .
About Taproot Security
Taproot Security is an information security consulting firm advising industry and government on cyber issues and policy. For more information, please visit http://www.taprootsecurity.com/.
Contact
To learn more about this announcement, please contact
Michael McCormick
Founder & President
Taproot Security, LLC
- END -