R. Kinney Williams & Associates

Internet Banking News

February 24, 2002

FYI - The United States' top adviser on cybersecurity on Tuesday took companies to task, pointing out that many spend less on computer security than they do on coffee for employees.  http://news.com.com/2100-1001-840335.html?tag=dd.ne.dht.nl-hed.0 

INTERNET COMPLIANCE
Electronic Fund Transfer Act, Regulation E  (Part 1 of 2)

Generally, when on-line banking systems include electronic fund transfers that debit or credit a consumer's account, the requirements of the Electronic Fund Transfer Act and Regulation E apply. A transaction involving stored value products is covered by Regulation E when the transaction accesses a consumer's account (such as when value is "loaded" onto the card from the consumer's deposit account at an electronic terminal or personal computer).

Financial institutions must provide disclosures that are clear and readily understandable, in writing, and in a form the consumer may keep. An interim rule issued on March 20, 1998 allows depository institutions to deliver by electronic communication any of these disclosures and other information required by the act and regulations, as long as the consumer agrees to that method of delivery.

Financial institutions must ensure that consumers who sign up for a new banking service are provided with disclosures for the new service if the service is subject to terms and conditions different from those described in the initial disclosures. Although not specifically mentioned in the commentary, this applies to all new banking services, including electronic financial services.

INTERNET SECURITY
- We continue covering some of the issues discussed in the "Risk Management Principles for Electronic Banking" published by the Basel Committee on Bank Supervision in May 2001.

Sound Practices for Managing Outsourced E-Banking Systems and Services (Part 1 of 3)

1. Banks should adopt appropriate processes for evaluating decisions to outsource e-banking systems or services.

a)  Bank management should clearly identify the strategic purposes, benefits and costs associated with entering into outsourcing arrangements for e-banking with third parties.
b)  The decision to outsource a key e-banking function or service should be consistent with the bank’s business strategies, be based on a clearly defined business need, and recognize the specific risks that outsourcing entails.
c)  All affected areas of the bank need to understand how the service provider(s) will support the bank’s e-banking strategy and fit into its operating structure.

2. Banks should conduct appropriate risk analysis and due diligence prior to selecting an e-banking service provider and at appropriate intervals thereafter.

a)  Banks should consider developing processes for soliciting proposals from several e-banking service providers and criteria for choosing among the various proposals.
b)  Once a potential service provider has been identified, the bank should conduct an appropriate due diligence review, including a risk analysis of the service provider’s financial strength, reputation, risk management policies and controls, and ability to fulfill its obligations.
c)  Thereafter, banks should regularly monitor and, as appropriate, conduct due diligence reviews of the ability of the service provider to fulfill its service and associated risk management obligations throughout the duration of the contract.
d)  Banks need to ensure that adequate resources are committed to overseeing outsourcing arrangements supporting e-banking.
e)  Responsibilities for overseeing e-banking outsourcing arrangements should be clearly assigned.
f)  The bank should have an appropriate exit strategy to manage risks should it need to terminate the outsourcing relationship.


PRIVACY EXAMINATION QUESTION
- We continue our series listing the regulatory-privacy examination questions.  When you answer the question each week, you will help ensure compliance with the privacy regulations.

Initial Privacy Notice


2)  Does the institution provide a clear and conspicuous notice that accurately reflects its privacy policies and practices to all consumers who are not customers, before any nonpublic personal information about the consumer is disclosed to a nonaffiliated third party, other than under an exception in §§14 or 15? [§4(a)(2)]

 

PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  

Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 

All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
© Copyright Yennik, Incorporated