Control 3.4: Incident Reporting and Root Cause Analysis

Control ID: 3.4
Pillar: Reporting
Regulatory Reference: NYDFS 23 NYCRR 500.16 / 500.17 (incident response program; 72-hour notification; 24-hour ransom-payment notification), SEC Form 8-K Item 1.05 (4-business-day material cyber disclosure), Federal banking 36-hour computer-security incident rule (12 CFR Parts 53 / 225 / 304), SEC Regulation S-P (2024 amendments — written IR program; 30-day customer notice; 72-hour service-provider notice), FINRA Rule 4530(a) / (d), FINRA Notice 21-18 (Cybersecurity), FINRA Notice 25-07 (AI workflows — RFC, contextual only), GLBA 501(b) and FTC Safeguards Rule 16 CFR 314.4(j) (30-day FTC notice for ≥500-consumer events), FFIEC IT Examination Handbook (Information Security; Business Continuity Management), SOX §§ 302 / 404, SEC Rules 17a-3 / 17a-4 and FINRA Rule 4511 (records retention), CISA CIRCIA (rulemaking pending — horizon item), NCUA 12 CFR 748 (CU-affiliated)
Last UI Verified: April 2026
Governance Levels: Baseline / Recommended / Regulated

Objective

Establish a systematic process for capturing, investigating, and remediating AI agent-related incidents — security events, policy violations, performance failures, and compliance breaches — and produce records that support the multiple parallel regulator-notification clocks that apply to US financial services firms. This control supports detection, classification, root cause analysis, evidence preservation, and corrective action with a full audit trail; it does not by itself satisfy any specific regulator-notification obligation (see non-substitution warning below).

Non-Substitution — Tooling Supports, It Does Not Replace

The Microsoft Sentinel analytics rules, Microsoft Defender XDR incidents, Microsoft Purview Insider Risk Management cases, SharePoint case-management lists, and Power Automate notification flows referenced in this control are detection, triage, and evidence-collection surfaces. They do not replace, and must not be presented in the firm's WSPs or IR plan as a substitute for:

The firm's written Incident Response Program required by SEC Reg S-P 17 CFR 248.30(a)(3), the FFIEC IT Handbook (Information Security booklet), and (for NYDFS covered entities) 23 NYCRR 500.16.
Registered-principal supervisory review under FINRA Rule 3110 of the underlying business activity (see Control 2.12).
Legal hold and litigation-readiness processes invoked when an incident becomes reasonably anticipated litigation; legal hold is a Purview eDiscovery (Premium) and outside-counsel workflow, not a SOC workflow.
Regulator notification itself — notifications to NYDFS, the SEC (EDGAR / 8-K), FINRA (Firm Gateway), the firm's primary federal banking regulator, the FTC, state attorneys general, and affected customers are filings made by the firm's Compliance and Legal functions on the firm's letterhead. The IR tooling produces the evidence that supports those filings; it does not file them.
Books-and-records retention under SEC 17a-4 / FINRA 4511 — Sentinel and Defender operational retention windows are not WORM-compliant for 17a-4(f) purposes; long-term incident records must land in Purview retention or an approved 17a-4(f) vendor (see Controls 1.7 and 1.9).

Sovereign Cloud Availability — GCC, GCC High, DoD

As of the verification date in this document, the following components referenced in this control may have parity gaps in sovereign clouds; FSI tenants in GCC, GCC High, or DoD must verify availability before relying on the automated path and must implement compensating manual controls until parity is confirmed:

Microsoft Defender XDR unified incidents portal — verify advanced hunting, automated investigation and response parity.
Microsoft Sentinel — generally available in Azure Government, but specific data connectors (Microsoft Copilot, Power Platform Admin Activity, Defender for Cloud Apps) may lag commercial GA — see Control 3.9 connector matrix.
Microsoft Purview Insider Risk Management — verify availability; some IRM templates and analytics may not be at parity.
Microsoft Sentinel MCP Server (analyst augmentation) — no announced sovereign-cloud GA as of the verification date.

Compensating control: maintain a manual incident register (SharePoint list backed by Purview retention) plus a documented runbook listing the regulator-notification matrix below. Re-verify parity quarterly via the Microsoft 365 Government roadmap.

Why This Matters for FSI

US FSI firms face a stacked set of incident-notification clocks that run in parallel from different trigger events. The IR workflow this control establishes must capture the data needed to drive each clock and produce records that survive examiner scrutiny. The applicable clock(s) depend on the firm's charter, listing status, customer footprint, and the nature of the incident — the workflow must support all of them concurrently. Firms should map applicability with Legal and Compliance before relying on any individual clock.

NYDFS 23 NYCRR 500.17(a) — 72-hour cybersecurity event notification (covered entities): As amended November 2023 (compliance phased through November 2025), covered entities must notify the NYDFS Superintendent electronically as soon as possible but no later than 72 hours after determining a cybersecurity incident has occurred at the entity, an affiliate, or a third-party service provider. The amendments expanded the trigger to include incidents that require notice to another regulator/SRO, have a reasonable likelihood of materially harming operations, or result in material ransomware deployment.
NYDFS 23 NYCRR 500.17(c) — 24-hour ransom-payment notification: A separate 24-hour clock applies if the firm makes an extortion payment, with a written explanation due within 30 days. Class A Companies face additional reporting obligations.
SEC Form 8-K Item 1.05 — 4-business-day material cybersecurity incident disclosure (public-company FSIs): Effective for most registrants since December 18, 2023 (June 15, 2024 for smaller reporting companies). The four-business-day clock runs from the firm's determination of materiality, not from discovery. A national-security delay is available only on written determination by the U.S. Attorney General.
Federal banking 36-hour computer-security incident notification rule (12 CFR Parts 53 / 225 / 304, eff. April 1, 2022): Banking organizations must notify their primary federal regulator (OCC, FDIC, or Federal Reserve) as soon as possible and no later than 36 hours after determining that a "notification incident" has occurred. Bank service providers must notify affected bank customers as soon as possible.
SEC Regulation S-P (2024 amendments, compliance December 3, 2025 for larger covered institutions; June 3, 2026 for smaller): Requires a written incident response program and customer notification "as soon as practicable" but no later than 30 days after the covered institution becomes aware of unauthorized access to or use of sensitive customer information. Service providers must notify the covered institution within 72 hours of becoming aware of a breach.
FINRA Rule 4530(a) — 30-day reporting of specified events: Includes certain written customer complaints (theft, misappropriation, forgery), regulatory actions, and findings of certain violations. Reportable events filed via the FINRA Firm Gateway 4530 application.
FINRA Rule 4530(d) — quarterly written customer complaint statistical report: Written customer complaints received in the prior calendar quarter must be reported by the 15th of the month following quarter-end. AI-agent-generated communications that draw written customer complaints are in scope.
FINRA Notice 21-18 (Cybersecurity) and Notice 25-07 (AI Workflows — RFC / contextual only, not binding): Industry guidance reinforcing that AI-agent incidents are reportable when they involve customer NPI, books-and-records integrity, or supervisory-system failure.
GLBA Safeguards Rule (FTC 16 CFR 314.4(j), eff. May 13, 2024): Non-banking financial institutions in FTC jurisdiction must notify the FTC as soon as possible, and no later than 30 days, of a notification event affecting 500 or more consumers.
State breach-notification statutes (illustrative, not exhaustive): New York GBL § 899-aa (and the SHIELD Act expansions), California CCPA/CPRA breach-notification rules, Massachusetts 201 CMR 17, plus the residency-based statutes of every other state in which the firm holds customer NPI. The IR workflow must support per-state clock tracking.
CISA Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA): Final rulemaking pending as of the verification date. When effective, covered critical-infrastructure entities (expected to include large financial institutions) will owe a 72-hour incident report and a 24-hour ransom-payment report to CISA. Treat as a horizon item; verify status quarterly.
NCUA 12 CFR 748 (federally insured credit unions): 72-hour reportable cyber incident requirement.
GLBA 501(b) and FFIEC IT Examination Handbook (Information Security; Business Continuity Management): Establish the foundational incident-response program and examiner expectations into which the above clocks plug.
SOX §§ 302 / 404: A material AI-agent incident that affects ICFR is a potential material weakness; the audit-committee escalation path must be documented and exercised.
SEC Rules 17a-3 / 17a-4 and FINRA Rule 4511: Incident records, RCAs, regulator correspondence, and customer notifications are records of the business and must be retained on WORM-compliant media for the applicable period (generally 6 years, with the first 2 easily accessible).

Automation Available

See Deny Event Correlation Report in FSI-AgentGov-Solutions for daily deny event correlation across Purview Audit, DLP, and Application Insights.

Control Description

This control establishes incident classification, tracking, root cause analysis, evidence preservation, and remediation workflows for AI-agent-related events. It is implemented across Microsoft Defender XDR (unified incidents), Microsoft Sentinel (cross-source analytics + Logic Apps SOAR), Microsoft Purview Insider Risk Management (cases), Microsoft Purview eDiscovery (Premium) (legal hold + production), Microsoft 365 Service Health (Microsoft-side correlation), SharePoint (case management + RCA storage), and Power Automate (notification flows + approval workflows). The workflow must drive the multiple parallel regulator-notification clocks identified above.

Capability	Description
Classification Taxonomy	Categorize incidents by type, severity, AI-agent-specific class (model risk, identity, supervision, third-party)
Internal SLA Monitoring	Detect-to-Triage / Triage-to-Containment / Containment-to-Eradication / Internal Exec Notification clocks
Regulator Notification Matrix	Per-regulator timer + channel + owner table (see below)
Root Cause Analysis	Structured RCA process with 5-Whys / Fishbone templates; MRM feedback loop to Control 2.6
Evidence Pipeline	Sentinel + Defender + Purview IRM data routed to 17a-4(f)-compliant archive
Metrics Dashboard	MTTD / MTTA / MTTR, dwell time, repeat-incident rate, overdue notification items

Incident Categories:

Category	Severity Range	Example	Cross-Control Cascade
Security	Critical - High	Unauthorized access, DLP violation	1.5, 1.7, 3.9
Compliance	Critical - Medium	Policy breach, missing audit records	2.12, 1.7
Data Quality / Model Risk	Critical - Low	Hallucination affecting trade or recommendation	2.6 MRM re-validation
Privacy	Critical - High	Customer NPI exposure, GLBA breach, Reg S-P trigger	1.7, 1.9
Identity / Agent ID	Critical - Medium	Orphaned agent acted on stale context	3.6 remediation register
Supervision	Critical - Medium	HITL bypass, rogue auto-send	2.12 supervisory queue
Third-party / Service Provider	Critical - High	Vendor breach triggering Reg S-P 72-hour notice	2.16 vendor governance

Regulator Notification Matrix

The firm's IR workflow must select the applicable rows based on charter, listing status, customer footprint, and incident type. Multiple rows can fire simultaneously from the same incident. Clocks generally run from a determination event (materiality, awareness, occurrence) rather than from discovery; the workflow must capture the determination timestamp, the determining individual, the legal basis, the notice channel, the notice content, the recipient acknowledgment, and the supporting evidence reference. These records are themselves books-and-records under SEC 17a-4 / FINRA 4511.

Regulator / Recipient	Trigger	Clock	Channel	Trigger Owner
NYDFS Superintendent	Cybersecurity incident at covered entity, affiliate, or 3P service provider (23 NYCRR 500.17(a))	72 hours from determination	NYDFS Cybersecurity Portal (electronic)	CISO + General Counsel
NYDFS Superintendent	Extortion payment made (23 NYCRR 500.17(c))	24 hours; written explanation within 30 days	NYDFS portal	CFO + General Counsel
SEC (Form 8-K Item 1.05)	Material cybersecurity incident at public-company registrant	4 business days from materiality determination	EDGAR	Disclosure Committee + Outside Counsel
OCC / FDIC / Federal Reserve	"Notification incident" at banking organization (12 CFR 53 / 225 / 304)	36 hours from determination	Primary federal regulator's incident channel	CISO + Bank Compliance
FINRA (Rule 4530(a))	Specified events including certain customer complaints, regulatory actions, findings	30 calendar days	FINRA Firm Gateway 4530 application	Chief Compliance Officer
FINRA (Rule 4530(d))	All written customer complaints, statistical	15 days after quarter-end	FINRA Firm Gateway	CCO
FTC (GLBA Safeguards Rule 16 CFR 314.4(j))	Notification event affecting ≥500 consumers (non-bank FIs)	As soon as possible, ≤30 days	FTC online form	CISO + Privacy Officer
SEC Reg S-P customer notice	Unauthorized access/use of sensitive customer information	As soon as practicable, ≤30 days from awareness	Direct customer notice	Privacy Officer + CCO
State Attorneys General + affected residents	State breach-notification statutes (NY GBL §899-aa, CA CCPA, MA 201 CMR 17, etc.)	Per-state, varies (often 30–60 days; some "without unreasonable delay")	Per-state portal + customer notice	Privacy Officer + Outside Counsel
CISA (CIRCIA, when effective)	Covered cyber incident at covered critical-infrastructure entity	72 hours for incident; 24 hours for ransom payment	CISA reporting portal (TBD)	CISO
NCUA	Reportable cyber incident at federally insured credit unions (12 CFR 748)	72 hours	NCUA Secure Email	CISO
Cyber-insurance carrier	Per policy notice provisions	Per policy (often "as soon as practicable")	Carrier portal / broker	Risk Management
Microsoft (M365 Service Health, Premier/Unified support)	Microsoft-side incident affecting agent platform	Per support contract	Microsoft 365 admin center → Service health; Premier ticket	M365 Admin

Microsoft Tooling Map (Detection → Investigation → Response → Evidence)

Surface	Role in IR Workflow	Reference
Microsoft Defender portal — Incidents (security.microsoft.com)	Unified XDR incidents that auto-correlate alerts from Defender for Endpoint, Office 365, Identity, Cloud Apps, and Sentinel into single attack stories. Primary SOC triage surface.	Defender XDR incidents overview
Microsoft Sentinel — Incidents + Logic Apps playbooks (SOAR)	Cross-source analytics, automation rules, SOAR playbooks for containment (suspend agent, disable account, enrich with ServiceNow). See Control 3.9.	Investigate Sentinel incidents
Microsoft Purview Insider Risk Management — Cases	Insider-driven AI-agent misuse (data exfiltration via agent, anomalous prompt behavior). Pseudonymized by default; cases can be escalated to eDiscovery (Premium). See Control 1.12.	Purview IRM cases
Microsoft Purview Communication Compliance	Customer-communication policy violations surfaced from Copilot-generated content (FINRA 2210 / 3110 link — see 2.12).	Communication Compliance
Microsoft Purview eDiscovery (Premium)	Legal hold, custodian preservation, regulator-production workflow. Required when incident becomes reasonably anticipated litigation.	eDiscovery Premium
Microsoft 365 Service Health (admin.microsoft.com → Health → Service health)	Microsoft-side incidents (Copilot, Power Platform, Entra) that may be the cause of, or a confounder for, an agent incident. Correlate before declaring a firm-side incident.	Service health
Microsoft Purview Audit (Premium)	1-year (10-year add-on) immutable audit log for evidence. Underpins 17a-4 evidence chain together with Pillar 4 retention.	See Control 1.7

Evidence and Retention

Evidence Artifact	Source	Retention	Storage
Incident case record (timeline, decisions, owners, status)	SharePoint IR list / Defender XDR / Sentinel	6 years (10+ for Zone 3)	Purview retention label, WORM-equivalent
Root Cause Analysis document	SharePoint / OneNote (legal-hold-aware site)	6 years	Purview retention label
Regulator notification copy + acknowledgment	Outbound email + regulator portal receipt	6 years (FINRA / SEC examination horizon)	17a-4(f)-compliant store
Customer notification copy	Mail merge output + delivery log	6 years (state law may require longer)	Purview retention label
Sentinel KQL query + result snapshot used to determine scope	Sentinel + manual export	6 years	Storage account with immutability policy
Defender XDR incident JSON export	Defender API	6 years	Same as above
Purview IRM case export	IRM case export	6 years	Same as above
Legal-hold notice + custodian acknowledgments	Purview eDiscovery (Premium)	Duration of matter + applicable retention	Purview
Materiality-determination memo (8-K Item 1.05)	Disclosure Committee minutes	Permanent (corporate records)	Corporate secretary repository
Tabletop exercise / Rule 3120 supervisory-control test results	Annual exercise output	6 years	SharePoint with retention label

Key Configuration Points

Create SharePoint incident tracking list with required fields (ID, category, AI-agent-specific class, severity, determination timestamp, applicable regulator timers, owner per timer, RCA, resolution, evidence pointers)
Configure Power Automate workflows for new incident notification, internal SLA breach alerts, and per-regulator timer countdowns

Define internal response SLAs (technical workflow — distinct from regulator clocks):

Severity	Detect-to-Triage	Triage-to-Containment	Containment-to-Eradication	Internal Exec Notification
Critical (Zone 3, customer NPI, books-and-records integrity)	15 min	1 hr	24 hr	CISO + CCO + GC within 1 hr
High	1 hr	4 hr	72 hr	CISO + CCO within 4 hr
Medium	4 hr	24 hr	7 days	Sec / Compliance lead daily report
Low	24 hr	7 days	30 days	Weekly trend

Internal SLAs are separate from and additive to the external regulator clocks. Meeting an internal containment SLA does not satisfy a regulator notification deadline, and missing an internal SLA does not by itself create a regulator-reportable event.

Establish RCA document template with 5-Whys or Fishbone analysis sections; include MRM feedback ticket to Control 2.6 when the agent is a model in the MRM inventory
Integrate with Microsoft Defender XDR (unified incidents) and Microsoft Sentinel (cross-source analytics + SOAR — see Control 3.9)
Stand up Purview Insider Risk Management cases for insider-driven AI-agent misuse (see Control 1.12)
Configure regulator-notification tracking for every applicable timer in the matrix above; track per-state breach-notification clocks for the firm's customer-residency footprint
Wire legal-hold invocation via Purview eDiscovery (Premium) when an incident becomes reasonably anticipated litigation
Configure MITRE ATT&CK + MITRE ATLAS tagging in Sentinel and Defender XDR analytics rules for adversarial-ML reporting consistency
Document OFAC sanctions screening in any extortion-payment workflow; route to General Counsel / Treasury before any payment

Zone-Specific Requirements

Zone	Requirement	Rationale
Zone 1 (Personal)	Standard response (24h); optional RCA for low severity	Low-risk personal use
Zone 2 (Team)	Accelerated response (4h); RCA required for all incidents	Shared data increases risk
Zone 3 (Enterprise)	Immediate response (15min); full RCA required; 7–10 year retention	Customer-facing, regulatory examination risk

Roles & Responsibilities

Role	Responsibility
CISO / Incident Commander	Owns IR program, declares incidents, coordinates response
Chief Compliance Officer (CCO)	Owns FINRA Rule 4530 filings; co-owns regulator notification
General Counsel / Outside Counsel	Owns legal hold, privilege, regulator-notification language, 8-K materiality determination
Privacy Officer	Owns Reg S-P, GLBA, and state-law customer-notification workflows
Disclosure Committee (public-company FSIs)	Owns 8-K Item 1.05 materiality determination
Designated Series 24 Principal (BD) / Series 66 Principal (RIA)	Documents supervisory-system implications under FINRA 3110 (see 2.12)
AI Governance Lead	Owns AI-agent-specific RCA, model-risk feedback to Control 2.6
Entra Security Admin / Sentinel Admin / SOC Analyst	Operates Sentinel, Defender XDR, Purview IRM cases; produces evidence
Power Platform Admin	Suspends/quarantines implicated agents, captures agent state for evidence
M365 Admin	Monitors Microsoft 365 Service Health for Microsoft-side correlated outages
Business Continuity Officer	Activates BCP/DR if incident triggers 12 CFR Part 30 Appendix B / FFIEC BCM thresholds
Internal Audit	Independent post-incident review; reports to Audit Committee under SOX 404

Control	Relationship
1.5 - DLP and Sensitivity Labels	DLP violation correlation (Deny Event Correlation Report)
1.7 - Audit Logging	Provides evidence chain for investigations and regulator production
1.8 - Runtime Protection	Detects security incidents at runtime
1.9 - Data Retention and Deletion Policies	Books-and-records retention (FINRA 4511 / 17a-4) — incident records land here, not in Sentinel
1.11 - Conditional Access and Phishing-Resistant MFA	Identity-incident detection (break-glass alerts, anomalous workload-identity sign-in)
1.12 - Insider Risk Detection and Response	Insider-driven AI-agent misuse cases routed via Purview IRM
2.6 - Model Risk Management (OCC 2011-12 / SR 11-7)	Material model-behavior incidents trigger MRM re-validation
2.12 - Supervision and Oversight (FINRA Rule 3110)	Supervisory-relevant incidents feed the designated-principal review queue
2.25 - Agent 365 Admin Center Governance Console	Agent inventory + metadata enrichment for incident triage
3.2 - Usage Analytics	Identifies anomalies leading to incidents
3.3 - Compliance Reporting	Includes incident summary in reports
3.6 - Orphaned Agent Detection and Remediation	Identity / Agent-ID incidents cascade into the 3.6 remediation register
3.9 - Microsoft Sentinel Integration	Primary detection / SIEM-SOAR plane for AI-agent incidents

Automated Validation: Deny Event Correlation Report

For automated deny event detection and alerting supporting incident reporting workflows, see the Deny Event Correlation Report solution.

Capabilities:

Multi-source deny event extraction (RAI telemetry, Purview Audit, Purview DLP)
Daily correlation engine with 7-day trend analysis and volume anomaly detection
Zone-based alerting with Teams adaptive cards and email notifications
Dataverse persistence with zone-based retention (90d/365d/730d)
SHA-256 integrity-hashed evidence export with regulatory alignment mapping

Deployable Solution: deny-event-correlation-report provides PowerShell extraction scripts, Dataverse infrastructure, Power Automate orchestration flow, and evidence export pipeline.

Implementation Playbooks

Step-by-Step Implementation

This control has detailed playbooks for implementation, automation, testing, and troubleshooting:

Portal Walkthrough — Step-by-step portal configuration
PowerShell Setup — Automation scripts
Verification & Testing — Test cases and evidence collection
Troubleshooting — Common issues and resolutions

Verification Criteria

Confirm control effectiveness by verifying:

Internal response SLA table is documented, distinct from regulator clocks, and tested annually (FINRA Rule 3120-style review).
Regulator Notification Matrix is published in the IR runbook with a named owner per row.
NYDFS 72-hour clock is exercised in at least one tabletop per year and timing evidence retained.
NYDFS 24-hour ransom-payment clock and FAQ are documented and known to the CFO; OFAC screening step in place.
SEC 8-K Item 1.05 materiality-determination workflow exists, names the Disclosure Committee, and produces a written memo per incident considered.
Federal banking 36-hour determination workflow exists for bank-affiliated tenants and identifies the primary federal regulator.
Reg S-P 30-day customer-notification template is approved by Privacy Officer and Outside Counsel; service-provider 72-hour breach-notice clauses are in vendor contracts.
FINRA 4530(a) 30-day and 4530(d) quarterly filings include AI-agent-derived events when applicable.
State-residency map is maintained and per-state notification templates exist for at least the top 10 customer-residency states.
Critical-severity AI-agent incidents trigger CISO + CCO + GC notification within 1 hour with evidence of delivery.
Incident closure is gated on completed RCA (5-Whys or equivalent), corrective actions, and Control-2.6 MRM feedback ticket where the agent is a model in the MRM inventory.
Legal hold is invoked, with written acknowledgments, whenever the incident becomes reasonably anticipated litigation.
Sentinel / Defender XDR / Purview IRM data extracts used in regulator notifications are also written to 17a-4(f)-compliant storage; Sentinel operational retention is not treated as the books-and-records record.
Microsoft 365 Service Health is checked and the result is recorded for every Sev-Critical / Sev-High incident before firm-side root cause is declared.
Sovereign-cloud compensating controls (manual register, manual matrix) are exercised quarterly in GCC / GCC High / DoD tenants.
Annual incident-program self-assessment is reported to the Audit Committee under SOX 404.

Additional Resources

Updated: April 2026 | Version: v1.4.0 | UI Verification Status: Current