Jim Freis of CRINDATA talks about whether or not financial institutions will likely be required to give notice to their regulators of qualifying events like critical incidents.
Transcript:
It’s very likely, and within a foreseeable period of time, that regulators and other competent authorities — there can be authorities beyond the financial services provider with respect to, for instance, a customer data breach that need to be notified — it’s expected that that will happen not only in the United States, under a regulatory proposal that was launched through a public rule making and consultation at the beginning of this year (2021), but it’s also a core aspect of a draft regulation that’s been out for consultation in Europe and what is also expected to go final within the course of the coming months.
So it’s an inevitability that there will be a communication requirement directly to regulators, and that’s a consensus among leading regulators that that’s a best practice and a “need to happen”.
