Regulatory incident & breach notification engine¶
| ID | MOD-058 |
| System | SD06 |
| Repo | bank-risk-platform |
| Build status | Not started |
| Deployed | No |
Purpose¶
Manage the regulatory incident notification workflow, ensuring that material operational and security incidents are classified, recorded, and notified to RBNZ, APRA, FMA, and other relevant regulators within required timeframes.
What it does¶
The module receives incident records from the operational resilience monitor (MOD-042) and the security operations function. It applies the platform's incident classification matrix to determine whether an incident meets the notification thresholds under CPS 230 (operational incidents), CPS 234 (information security incidents), and applicable NZ supervisory frameworks.
For each notifiable incident, the module generates a notification record pre-populated with the required fields: incident description, systems and customers affected, cause, and remediation steps. The notification is routed to the CCO and CTO for review and approval before submission. Once approved, the module submits the notification to the relevant regulator via the prescribed channel and records the submission timestamp and acknowledgement receipt.
The module tracks open incidents through to resolution and prompts for post-incident review completion within 30 days. An annual notification capability test is scheduled and tracked by the module.
Compliance reason¶
REP-009 imposes 72-hour notification deadlines under CPS 230 and CPS 234 and equivalent NZ requirements. Without an automated workflow, the platform risks missing regulatory notification deadlines in high-pressure incident situations.
Commercial reason¶
Early and accurate regulator notification reduces the risk of supervisory escalation and demonstrates operational maturity. The module also provides the Board with a complete view of incident notification performance.
Module dependencies¶
Depends on¶
| Module | Title | Required? | Contract | Reason |
|---|---|---|---|---|
| MOD-076 | Observability platform | Required | — | MOD-076 observability alerts (e.g. system outages, SLA breaches) are the primary trigger for regulatory incident notifications. MOD-058 consumes MOD-076 alert events from the bank-risk-platform bus to initiate the incident registration and regulator notification workflow. |
| MOD-104 | AWS shared infrastructure bootstrap | Required | — | MOD-104 provisions the S3 Iceberg bucket (Snowflake external tables), KMS key, and bank-risk-platform EventBridge bus ARN. Required before this module can be deployed. |
| MOD-102 | Snowflake account configuration & governance | Required | — | Snowflake account and governance provisioned by MOD-102 must exist before this module can read or write Snowflake. |
Required by¶
(No modules in this wiki currently declare a dependency on this module.)
Policies satisfied¶
| Policy | Title | Mode | How |
|---|---|---|---|
| REP-009 | Regulatory incident & breach notification | AUTO |
Manages the incident register, routes notifications to the correct regulator within required timeframes, and tracks acknowledgement receipts. |
Capabilities satisfied¶
(No capabilities mapped)
Part of SD06 — Snowflake Analytics & Risk Platform
Compiled 2026-05-22 from source/entities/modules/MOD-058.yaml