A state bank shall notify the banking commissioner and submit the information required by 12 CFR Part 225, Subpart N, or Part 304, Subpart C, as applicable, or any successor regulation, regarding a computer-security incident that qualifies under such regulations as a notification incident, no later than the time the information is required to be submitted to the applicable federal regulatory agency.