In December 2020, the Board of Governors of the Federal Reserve System (“Federal Reserve”), Office of the Comptroller of the Currency (“OCC”), and Federal Deposit Insurance Corporation (“FDIC,” collectively with the Federal Reserve and OCC, the “Federal Regulators”) proposed new cyber incident notification requirements for institutions that they regulate and their service providers (the “Proposal”).

On April 20, 2020, the Financial Stability Board released a “consultative document” on Effective Practices for Cyber Incident Response and Recovery (the “Proposal”). The Proposal requests public comment on a “toolkit” of effective practices designed to assist financial institutions in cyber incident response and recovery activities. This Legal Update discusses the content and context of