(a) Authority. This subpart is issued under the authority of 12 U.S.C. 1,321,1467a,1818,1844,1861,and.

(b) Purpose. This subpart promotes the timely notification of computer-security incidents that may materially and adversely affect Board-supervised entities.

(c) Scope. This subpart applies to all U.S. bank holding companies and savings and loan holding companies; state member banks; the U.S. operations of foreign banking organizations; and Edge and agreement corporations. This subpart also applies to their bank service providers, as defined in § 225.301(b)(2).