12 CFR § 304.21 - Authority, purpose, and scope.

---
identifier: "/us/cfr/t12/s304.21"
source: "ecfr"
legal_status: "authoritative_unofficial"
title: "12 CFR § 304.21 - Authority, purpose, and scope."
title_number: 12
title_name: "Banks and Banking"
section_number: "304.21"
section_name: "Authority, purpose, and scope."
chapter_name: "FEDERAL DEPOSIT INSURANCE CORPORATION"
subchapter_number: "A"
subchapter_name: "PROCEDURE AND RULES OF PRACTICE"
part_number: "304"
part_name: "FORMS, INSTRUCTIONS, AND REPORTS"
positive_law: false
currency: "2026-04-05"
last_updated: "2026-04-05"
format_version: "1.1.0"
generator: "[email protected]"
authority: "5 U.S.C. 552; 12 U.S.C. 1463, 1464, 1811, 1813, 1817, 1819, 1831, and 1861-1867."
regulatory_source: "84 FR 29052, June 21, 2019, unless otherwise noted."
cfr_part: "304"
---


# 304.21 Authority, purpose, and scope.

(a) *Authority.* This subpart is issued under the authority of 12 U.S.C. 1463, 1811, 1813, 1817, 1819, and 1861-1867.

(b) *Purpose.* This subpart promotes the timely notification of computer-security incidents that may materially and adversely affect FDIC-supervised institutions.

(c) *Scope.* This subpart applies to all insured state nonmember banks, insured state licensed branches of foreign banks, and insured State savings associations. This subpart also applies to bank service providers, as defined in § 304.22(b)(2).