12 CFR § 53.1 - Authority, purpose, and scope.

---
identifier: "/us/cfr/t12/s53.1"
source: "ecfr"
legal_status: "authoritative_unofficial"
title: "12 CFR § 53.1 - Authority, purpose, and scope."
title_number: 12
title_name: "Banks and Banking"
section_number: "53.1"
section_name: "Authority, purpose, and scope."
chapter_name: "COMPTROLLER OF THE CURRENCY, DEPARTMENT OF THE TREASURY"
part_number: "53"
part_name: "COMPUTER-SECURITY INCIDENT NOTIFICATION"
positive_law: false
currency: "2026-04-05"
last_updated: "2026-04-05"
format_version: "1.1.0"
generator: "[email protected]"
authority: "12 U.S.C. 1, 93a, 161, 481, 1463, 1464, 1861-1867, and 3102."
regulatory_source: "86 FR 66442, Nov. 23, 2021, unless otherwise noted."
cfr_part: "53"
---


# 53.1 Authority, purpose, and scope.

(a) *Authority.* This part is issued under the authority of 12 U.S.C. 1, 93a, 161, 481, 1463, 1464, 1861-1867, and 3102.

(b) *Purpose.* This part promotes the timely notification of computer-security incidents that may materially and adversely affect Office of the Comptroller of the Currency (OCC)-supervised institutions.

(c) *Scope.* This part applies to all national banks, Federal savings associations, and Federal branches and agencies of foreign banks. This part also applies to their bank service providers as defined in § 53.2(b)(2).