and basic banking services in low- and moderate-income communities, (ii) adapt to changes in the banking industry, including internet and mobile banking, (iii) provide greater clarity, consistency and transparency in the application of the regulations and (iv) tailor performance standards to account for differences in bank size, business model, and local conditions.
Cybersecurity. In March 2015, federal regulators issued two related statements regarding cybersecurity. One statement indicates that financial institutions should design multiple layers of security controls to establish lines of defense and to ensure that their risk management processes also address the risk posed by compromised customer credentials, including security measures to reliably authenticate customers accessing internet-based services of the financial institution. The other statement indicates that a financial institution’s management is expected to maintain sufficient business continuity planning processes to ensure the rapid recovery, resumption and maintenance of the institution’s operations after a cyber-attack involving destructive malware. A financial institution is also expected to develop appropriate processes to enable recovery of data and business operations and address rebuilding network capabilities and restoring data if the institution or its critical service providers fall victim to this type of cyber-attack. If the Company fails to observe the regulatory guidance, it could be subject to various regulatory sanctions, including financial penalties.
On November 18, 2021, the federal bank regulatory agencies issued a final rule, effective April 1, 2022, imposing new notification requirements for cybersecurity incidents. The rule requires financial institutions to notify their primary federal regulator as soon as possible and no later than 36 hours after the institution determines that a cybersecurity incident has occurred that has materially disrupted or degraded, or is reasonably likely to materially disrupt or degrade, the institution’s: (i) ability to carry out banking operations, activities, or processes, or deliver banking products and services to a material portion of its customer base, in the ordinary course of business, (ii) business line(s), including associated operations, services, functions, and support, that upon failure would result in a material loss of revenue, profit, or franchise value, or (iii) operations, including associated services, functions and support, as applicable, the failure or discontinuance of which would pose a threat to the financial stability of the United States.
On March 9, 2022, the SEC issued a proposed rule intended to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and cybersecurity incident reporting by public companies, such as the Company, that are subject to the reporting requirements of the Exchange Act. The proposed rule would require current reporting about material cybersecurity incidents and periodic disclosures about policies and procedures to identify and manage cybersecurity risks, management’s role in implementing cybersecurity policies and procedures, and the board of directors’ cybersecurity expertise and its oversight of cybersecurity risk.
To date, we have not experienced a significant compromise, significant data loss or any material financial losses related to cybersecurity attacks, but our systems and those of our customers and third-party service providers are under constant threat and it is possible that we could experience a significant event in the future. Risks and exposures related to cybersecurity attacks are expected to remain high for the foreseeable future due to the rapidly evolving nature and sophistication of these threats, as well as due to the expanding use of Internet banking, mobile banking and other technology-based products and services by us and our customers.
Coronavirus Aid, Relief, and Economic Security Act and Consolidated Appropriations Act, 2021. In response to the COVID-19 pandemic, the Coronavirus Aid, Relief, and Economic Security Act (“CARES Act”) was signed into law on March 27, 2020 and the Consolidated Appropriations Act, 2021 (“Appropriations Act”) was signed into law on December 27, 2020. Among other things, the CARES Act created the Small Business Administration (“SBA”) Paycheck Protection Program (“PPP”) and it was extended by the Appropriations Act. Under the PPP, money was authorized for small business loans to pay payroll and group health costs, salaries and commissions, mortgage and rent payments, utilities, and interest on other debt. The loans were provided through participating financial institutions, such as the Bank, that processed loan applications and service the loans.
Future Legislation and Regulation. Congress may enact legislation from time to time that affects the regulation of the financial services industry, and state legislatures may enact legislation from time to time affecting the regulation of financial institutions chartered by or operating in those states. Federal and state regulatory agencies also periodically propose and adopt changes to their regulations or change the manner in which existing regulations are applied. The substance or impact of pending or future legislation or regulation, or the application thereof, cannot be predicted, although