R. Kinney Williams & Associates

Internet Banking News

March 3, 2002

FYI - Charles Schwab is going ahead with plans to set up an online bank, despite the fact that the concept has been slow to catch on with consumers.  http://news.com.com/2100-1017-849312.html 

FYI - Specially Designated Nationals and Blocked Persons - On January 9, 2002, the Department of the Treasury's Office of Foreign Assets Control (OFAC) amended its listing of Specially Designated Nationals and Blocked Persons by adding four new names of specially designated global terrorists. Their assets must be blocked immediately.
http://www.fdic.gov/news/news/financial/2002/fil0214.html

FYI - Specially Designated Nationals and Blocked Persons - On January 23, 2002, the Department of the Treasury's Office of Foreign Assets Control (OFAC) updated its list of authorized service providers under the Cuban Assets Control Regulations.
http://www.fdic.gov/news/news/financial/2002/fil0217.html

FYI - FinCEN Publications - Attached is a copy of the January 2002 issue of SAR Bulletin, published by the Department of the Treasury's Financial Crimes Enforcement Network.
http://www.fdic.gov/news/news/financial/2002/fil0219.html

FYI - U.S. Department of Treasury FinCEN Advisories 11A and 21A - This advisory letter revises the list of countries detailed in OCC Advisory Letter 2000-8, "U.S. Department of Treasury FinCEN Advisories 13 through 27," dated August 9, 2000 and AL 2001-7, "U.S. Department of Treasury FinCEN Advisories 13A, 14A, 19A, 23A," dated July 25, 2001.
http://www.occ.treas.gov/ftp/advisory/2002-2.txt


INTERNET COMPLIANCE
Electronic Fund Transfer Act, Regulation E  (Part 2 of 2)

The Federal Reserve Board Official Staff Commentary (OSC) also clarifies that terminal receipts are unnecessary for transfers initiated on-line. Specifically, the OSC provides that, because the term "electronic terminal" excludes a telephone operated by a consumer, financial institutions need not provide a terminal receipt when a consumer initiates a transfer by a means analogous in function to a telephone, such as by a personal computer or a facsimile machine.

Additionally, the regulations clarify that a written authorization for preauthorized transfers from a consumer's account includes an electronic authorization that is not signed, but similarly authenticated by the consumer, such as through the use of a security code. According to the OSC, an example of a consumer's authorization that is not in the form of a signed writing but is, instead, "similarly authenticated" is a consumer's authorization via a home banking system. To satisfy the regulatory requirements, the institution must have some means to identify the consumer (such as a security code) and make a paper copy of the authorization available (automatically or upon request). The text of the electronic authorization must be displayed on a computer screen or other visual display that enables the consumer to read the communication from the institution.

Only the consumer may authorize the transfer and not, for example, a third-party merchant on behalf of the consumer.

Pursuant to the regulations, timing in reporting an unauthorized transaction, loss, or theft of an access device determines a consumer's liability. A financial institution may receive correspondence through an electronic medium concerning an unauthorized transaction, loss, or theft of an access device. Therefore, the institution should ensure that controls are in place to review these notifications and also to ensure that an investigation is initiated as required. 

INTERNET SECURITY
- We continue covering some of the issues discussed in the "Risk Management Principles for Electronic Banking" published by the Basel Committee on Bank Supervision in May 2001.

Sound Practices for Managing Outsourced E-Banking Systems and Services (Part 2 of 3)

3. Banks should adopt appropriate procedures for ensuring the adequacy of contracts governing e-banking. Contracts governing outsourced e-banking activities should address, for example, the following:

a)  The contractual liabilities of the respective parties, as well as responsibilities for making decisions, including any sub-contracting of material services, are clearly defined.

b)   Responsibilities for providing information to and receiving information from the service provider are clearly defined. Information from the service provider should be timely and comprehensive enough to allow the bank to adequately assess service levels and risks. Materiality thresholds and procedures to be used to notify the bank of service disruptions, security breaches and other events that pose a material risk to the bank should be spelled out.

c)   Provisions that specifically address insurance coverage, the ownership of the data stored on the service provider's servers or databases, and the right of the bank to recover its data upon expiration or termination of the contract should be clearly defined.

d)   Performance expectations, under both normal and contingency circumstances, are defined. 

e)  Adequate means and guarantees, for instance through audit clauses, are defined to ensure that the service provider complies with the bank’s policies.

f)   Provisions are in place for timely and orderly intervention and rectification in the event of substandard performance by the service provider.

g)   For cross-border outsourcing arrangements, determining which country's laws and regulations, including those relating to privacy and other customer protections, are applicable.


h)  The right of the bank to conduct independent reviews and/or audits of security, internal controls and business continuity and contingency plans is explicitly defined.


PRIVACY EXAMINATION QUESTION
- We continue our series listing the regulatory-privacy examination questions.  When you answer the question each week, you will help ensure compliance with the privacy regulations.

Initial Privacy Notice


3)  Does the institution provide to existing customers, who obtain a new financial product or service, an initial privacy notice that covers the customer's new financial product or service, if the most recent notice provided to the customer was not accurate with respect to the new financial product or service? [§4(d)(1)]

 

PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  

Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 


All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, © Copyright Yennik, Incorporated