On December 17, 2020, the Office of the Comptroller of the Currency, Treasury (OCC); the Federal Reserve; and the Federal Deposit Insurance Corporation (FDIC) issued a Notice of Proposed Rulemaking that would require financial institutions to notify their primary federal financial regulator, within 36 hours of becoming aware, that a “computer-security incident” or “notification incident” has occurred.