Skip to main content
  1. Home
  2. Holding and Nonbank Financial Companies
  3. Regulation Y
  4. SUBPART N
  5. SECTION 225.300
4-058.897

SUBPART N—COMPUTER-SECURITY INCIDENT NOTIFICATION

SECTION 225.300—Authority, Purpose, and Scope

(a) Authority. This subpart is issued under the authority of 12 U.S.C. 1, 321-338a, 1467a(g), 1818(b), 1844(b), 1861-1867, and 3101 et seq.
(b) Purpose. This subpart promotes the timely notification of computer-security incidents that may materially and adversely affect Board-supervised entities.
(c) Scope. This subpart applies to all U.S. bank holding companies and savings and loan holding companies; state member banks; the U.S. operations of foreign banking organizations; and Edge and agreement corporations. This subpart also applies to their bank service providers, as defined in section 225.301(b)(2).
Back to top