R. Kinney Williams & Associates
R. Kinney Williams
& Associates

Internet Banking News

March 10, 2002

FYI  - A Supervisory Perspective on Disaster Recovery and Business Continuity from Vice Chairman Roger W. Ferguson, Jr. Before the Institute of International Banker
www.federalreserve.gov/boarddocs/speeches/2002/20020304/default.htm


FYI
-
Specially Designated Nationals and Blocked Persons - On February 26, 2002, the Department of the Treasury's Office of Foreign Assets Control amended its listing of Specially Designated Nationals and Blocked Persons by adding 21 names to its list of Specially Designated Global Terrorists
http://www.fdic.gov/news/news/financial/2002/fil0222.html

FYI -
Specially Designated Nationals and Blocked Persons - On February 12, 2002, the Department of the Treasury's Office of Foreign Assets Control (OFAC) amended its listing of Specially Designated Nationals and Blocked Persons by removing three names.
www.fdic.gov/news/news/financial/2002/fil0220.html

INTERNET COMPLIANCEEqual Credit Opportunity Act (Regulation B)

The regulations clarifies the rules concerning the taking of credit applications by specifying that application information entered directly into and retained by a computerized system qualifies as a written application under this section. If an institution makes credit application forms available through its on-line system, it must ensure that the forms satisfy the requirements.

The regulations also clarify the regulatory requirements that apply when an institution takes loan applications through electronic media. If an applicant applies through an electronic medium (for example, the Internet or a facsimile) without video capability that allows employees of the institution to see the applicant, the institution may treat the application as if it were received by mail.


INTERNET SECURITY
- We continue covering some of the issues discussed in the "Risk Management Principles for Electronic Banking" published by the Basel Committee on Bank Supervision in May 2001.

Sound Practices for Managing Outsourced E-Banking Systems and Services (Part 3 of 3)

4. Banks should ensure that periodic independent internal and/or external audits are conducted of outsourced operations to at least the same scope required if such operations were conducted in-house.

a)   For outsourced relationships involving critical or technologically complex e-banking services/applications, banks may need to arrange for other periodic reviews to be performed by independent third parties with sufficient technical expertise.

5. Banks should develop appropriate contingency plans for outsourced e-banking activities.

a)  Banks need to develop and periodically test their contingency plans for all critical e-banking systems and services that have been outsourced to third parties.

b)  Contingency plans should address credible worst-case scenarios for providing continuity of e-banking services in the event of a disruption affecting outsourced operations.

c)   Banks should have an identified team that is responsible for managing recovery and assessing the financial impact of a disruption in outsourced e-banking services.

6. Banks that provide e-banking services to third parties should ensure that their operations, responsibilities, and liabilities are sufficiently clear so that serviced institutions can adequately carry out their own effective due diligence reviews and ongoing oversight of the relationship.


a)   Banks have a responsibility to provide serviced institutions with information necessary to identify, control and monitor any risks associated with the e-banking service arrangement.


PRIVACY EXAMINATION QUESTION
- We continue our series listing the regulatory-privacy examination questions.  When you answer the question each week, you will help ensure compliance with the privacy regulations.

Initial Privacy Notice


4)  Does the institution provide initial notice after establishing a customer relationship only if:

a.  the customer relationship is not established at the customer's election; [4(e)(1)(i)] or

b.  to do otherwise would substantially delay the customer's transaction (e.g. in the case of a telephone application), and the customer agrees to the subsequent delivery? [4 (e)(1)(ii)]

VISTA
- The Vulnerability Internet Security Test Audit is an affordable means of testing the security of
{custom4}'s network connection to the Internet against unauthorized intrusion.  The VISTA starts at $1,500 and includes a 30 day follow up scan at no additional charge.  In most cases, this vulnerability test is required by your regulator.  Please visit http://www.internetbankingaudits.com/ for more information and to arrange your vulnerability test before your next IT examination.  {Firstname}, I personally review the VISTA results and issue an audit letter to your Board certifying these results.

 

PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  

Back Button

Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 

Please visit our other web sites:
VISTA penetration-vulnerability testing
The Community Banker - Bank FFIEC & ADA Web Site Audits
Credit Union FFIEC & ADA Web Site Audits - Bank Auditing Services
US Banks on the Internet  
US Credit Unions on the Internet

All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, Copyright Yennik, Incorporated