R. Kinney Williams & Associates

Internet Banking News

February 3, 2002

FYI - Guidance on Managing Risks Associated With Wireless Networks and Wireless Customer Access  - Financial institutions are actively evaluating and implementing wireless technology as a means to reach customers and reduce the costs of implementing new networks.
www.fdic.gov/news/news/financial/2002/fil0208.html 

FYI - NCUA - Amending FCU Bylaws to Permit Directors Voting by E-Mail
www.ncua.gov/ref/opinion_letters/01-1176.html

INTERNET COMPLIANCE
Disclosures/Notices (Part 1 of 2)

Several regulations require disclosures and notices to be given at specified times during a financial transaction. For example, some regulations require that disclosures be given at the time an application form is provided to the consumer. In this situation, institutions will want to ensure that disclosures are given to the consumer along with any application form. Institutions may accomplish this through various means, one of which may be through the automatic presentation of disclosures with the application form. Regulations that allow disclosures/notices to be delivered electronically and require institutions to deliver disclosures in a form the customer can keep have been the subject of questions regarding how institutions can ensure that the consumer can "keep" the disclosure. A consumer using certain electronic devices, such as Web TV, may not be able to print or download the disclosure. If feasible, a financial institution may wish to include in its on-line program the ability for consumers to give the financial institution a non-electronic address to which the disclosures can be mailed.

INTERNET SECURITY
- We continue covering some of the issues discussed in the "Risk Management Principles for Electronic Banking" published by the Basel Committee on Bank Supervision in May 2001.

Principle 10: Banks should have effective capacity, business continuity and contingency planning processes to help ensure the availability of e-banking systems and services.

To protect banks against business, legal and reputation risk, e-banking services must be delivered on a consistent and timely basis in accordance with customer expectations. To achieve this, the bank must have the ability to deliver e-banking services to end-users from either primary (e.g. internal bank systems and applications) or secondary sources (e.g. systems and applications of service providers). The maintenance of adequate availability is also dependent upon the ability of contingency back-up systems to mitigate denial of service attacks or other events that may potentially cause business disruption.

The challenge to maintain continued availability of e-banking systems and applications can be considerable given the potential for high transaction demand, especially during peak time periods. In addition, high customer expectations regarding short transaction processing cycle times and constant availability (24 X 7) have also increased the importance of sound capacity, business continuity and contingency planning. To provide customers with the continuity of e-banking services that they expect, banks need to ensure that:

1)  Current e-banking system capacity and future scalability are analyzed in light of the overall market dynamics for e-commerce and the projected rate of customer acceptance of e-banking products and services.

2)  E-banking transaction processing capacity estimates are established, stress tested and periodically reviewed.

3)  Appropriate business continuity and contingency plans for critical e-banking processing and delivery systems are in place and regularly tested.


PRIVACY
- We continue covering various issues in the "Privacy of Consumer Financial Information" published by the financial regulatory agencies in May 2001.

Redisclosure of nonpublic personal information received from a nonaffiliated financial institution outside of Sections 14 and 15.

A. Through discussions with management and review of the institution's procedures, determine whether the institution has adequate practices to prevent the unlawful redisclosure of the information where the institution is the recipient of nonpublic personal information (§11(b)).

B. Select a sample of data received from nonaffiliated financial institutions and shared with others to evaluate the financial institution's compliance with redisclosure limitations.

a.  Verify that the institution's redisclosure of the information was only to affiliates of the financial institution from which the information was obtained or to the institution's own affiliates, except as otherwise allowed in the step b below (§11(b)(1)(i) and (ii)).

b.  If the institution shares information with entities other than those under step a above, verify that the institution's information sharing practices conform to those in the nonaffiliated financial institution's privacy notice (§11(b)(1)(iii)).

c.  Also, review the procedures used by the institution to ensure that the information sharing reflects the opt out status of the consumers of the nonaffiliated financial institution (§§10, 11(b)(1)(iii)).

 

PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  


Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 
