(a) Authority. This subpart is issued under the authority of 12 U.S.C. 1, 321-338a, 1467a(g), 1818(b), 1844(b), 1861-1867, and 3101 et seq.

(b) Purpose. This subpart promotes the timely notification of computer-security incidents that may materially and adversely affect Board-supervised entities.

(c) Scope. This subpart applies to all U.S. bank holding companies and savings and loan holding companies; state member banks; the U.S. operations of foreign banking organizations; and Edge and agreement corporations. This subpart also applies to their bank service providers, as defined in section 225.301(b)(2).