R. Kinney Williams & Associates
R. Kinney Williams
& Associates

Internet Banking News

January 13, 2002

FYI - We want to congratulate the folks at the NCUA for a great job redesigning their web site.  They have improved the look, the ease of navigation, and the overall professionalism of the site.
Press release  www.ncua.gov/news/press_releases/nr010702.html
NCUA Home Page http://www.ncua.gov 

- Consumer Complaints - Those portions of your website that offer consumer goods and services must contain access to the required notice.  http://www.banking.state.tx.us/LEGAL/RULES/11TAC.HTM#§11.37 

"Member FDIC" Logo - When is it required?

The FDIC believes that every bank's home page is to some extent an advertisement. Accordingly, bank web site home pages should contain the official advertising statement unless the advertisement is subject to exceptions such as advertisements for loans, securities, trust services and/or radio or television advertisements that do not exceed thirty seconds. 

Whether subsidiary web pages require the official advertising statement will depend upon the content of the particular page.  Subsidiary web pages that advertise deposits must contain the official advertising statement.  Conversely, subsidiary web pages that relate to loans do not require the official advertising statement. 

- We continue covering some of the issues discussed in the "Risk Management Principles for Electronic Banking" published by the Basel Committee on Bank Supervision in May 2001.

Principle 7: Banks should take appropriate measures to preserve the confidentiality of key e-banking information. Measures taken to preserve confidentiality should be commensurate with the sensitivity of the information being transmitted and/or stored in databases.

Confidentiality is the assurance that key information remains private to the bank and is not viewed or used by those unauthorized to do so. Misuse or unauthorized disclosure of data exposes a bank to both reputation and legal risk. The advent of e-banking presents additional security challenges for banks because it increases the exposure that information transmitted over the public network or stored in databases may be accessible by unauthorized or inappropriate parties or used in ways the customer providing the information did not intend. Additionally, increased use of service providers may expose key bank data to other parties.

To meet these challenges concerning the preservation of confidentiality of key e-banking information, banks need to ensure that:

1)  All confidential bank data and records are only accessible by duly authorized and authenticated individuals, agents or systems.

2)  All confidential bank data are maintained in a secure manner and protected from unauthorized viewing or modification during transmission over public, private or internal networks.

3)  The bank’s standards and controls for data use and protection must be met when third parties have access to the data through outsourcing relationships.

4)  All access to restricted data is logged and appropriate efforts are made to ensure that access logs are resistant to tampering.

- We continue covering various issues in the "Privacy of Consumer Financial Information" published by the financial regulatory agencies in May 2001.

Sharing nonpublic personal information with nonaffiliated third parties under Sections 13, and 14 and/or 15 but not outside of these exceptions
(Part 2 of 2)

B. Presentation, Content, and Delivery of Privacy Notices 

1)  Review the financial institution's initial and annual privacy notices. Determine whether or not they:

a.  Are clear and conspicuous (§§3(b), 4(a), 5(a)(1)); 

b.  Accurately reflect the policies and practices used by the institution (§§4(a), 5(a)(1)). Note, this includes practices disclosed in the notices that exceed regulatory requirements; and

c.  Include, and adequately describe, all required items of information and contain examples as applicable (§§6, 13).

2)  Through discussions with management, review of the institution's policies and procedures, and a sample of electronic or written consumer records where available, determine if the institution has adequate procedures in place to provide notices to consumers, as appropriate. Assess the following:

a.  Timeliness of delivery (§4(a)); and

b.  Reasonableness of the method of delivery (e.g., by hand; by mail; electronically, if the consumer agrees; or as a necessary step of a transaction) (§9).

c.  For customers only, review the timeliness of delivery (§§4(d), 4(e), and 5(a)), means of delivery of annual notice §9(c)), and accessibility of or ability to retain the notice (§9(e)).


PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  

Back Button

Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119


Please visit our other web sites:
VISTA penetration-vulnerability testing
The Community Banker - Bank FFIEC & ADA Web Site Audits
Credit Union FFIEC & ADA Web Site Audits - Bank Auditing Services
US Banks on the Internet  
US Credit Unions on the Internet

All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, © Copyright Yennik, Incorporated