StacksVerified U.S. regulatory reference

12 CFR §225.300

Verified against eCFR.gov as of June 20, 2026View official text on eCFR.gov
  1. (a)Authority. This subpart is issued under the authority of 12 U.S.C. 1, 321-338a, 1467a(g), 1818(b), 1844(b), 1861-1867, and 3101 et seq.
  2. (b)Purpose. This subpart promotes the timely notification of computer-security incidents that may materially and adversely affect Board-supervised entities.
  3. (c)Scope. This subpart applies to all U.S. bank holding companies and savings and loan holding companies; state member banks; the U.S. operations of foreign banking organizations; and Edge and agreement corporations. This subpart also applies to their bank service providers, as defined in § 225.301(b)(2).