In Short The Situation: As we advised in our recent Commentary, federal banking regulators have proposed rules requiring a banking organization to provide its primary federal regulator with prompt notification of any "computer-security incident" that materially disrupts, degrades, or impairs certain important business operations. This proposal adds another reporting requirement for banking organizations. But it might also impact fintechs. The Result: Under the Bank Service Company Act ("BSCA"), a banking organization is required to disclose to their regulators all of its core service companies, but there is no requirement under the BSCA to inform the service company of the designation.