March 24, 2002
- OCC Chief Counsel Julie L.
Williams Urges Banks to be Vigilant In Avoiding Unfair and Deceptive
Marketing Practices - New guidance issued by the Office of the
Comptroller of the Currency will help banks maintain high-quality
Press release www.occ.treas.gov/ftp/release/2002-30.txt
Advisory Letter http://www.occ.treas.gov/ftp/advisory/2002-3.txt
FYI - The Federal
Reserve Board announced the publication of a guide to help consumers
better understand their rights and responsibilities with regard to
electronic check conversion transactions.
FYI - OCC Concludes that GLBA and Barnett
Decision Show Parts of Massachusetts Law do not Apply to National
Banks - The Office of the Comptroller of the Currency concluded in
an opinion that will be published in the Federal Register that some
provisions of a Massachusetts insurance law would be preempted under
the Gramm-Leach-Bliley Act (GLBA) and therefore would not apply to
FYI - Specially Designated Nationals and Blocked
Persons - On March 7, 2002, the Department of the Treasury's
Office of Foreign Assets Control (OFAC) amended its listing of
Specially Designated Nationals and Blocked Persons by removing the
following Specially Designated Narcotics Trafficker:
FYI - Comptroller Urges Industry
to Adapt Technology To Give Low-Income Americans Greater Access to
Banking Services - Low-income Americans constitute a large and
potentially important market for financial services providers, and
technology gives banks a means to serve that market in a
cost-effective way, Comptroller of the Currency John D. Hawke Jr.
FYI - Bank of America, the No. 3 U.S.
bank, said Sunday that it has corrected a computer processing
problem that left a large number of West Coast customers without
access to funds directly deposited to their accounts last Friday.
- A London-based Internet security and risk
consulting firm last week published the results of a two-day study
that highlights in surprising detail the CIA's primary points of
presence on the public Internet. http://www.computerworld.com/storyba/0,4125,NAV47_STO68961,00.html
COMPLIANCE - Truth in Lending Act (Regulation Z)
The commentary to regulation Z was amended recently to clarify that
periodic statements for open-end credit accounts may be provided
electronically, for example, via remote access devices. The
regulations state that financial institutions may permit customers
to call for their periodic statements, but may not require them to
do so. If the customer wishes to pick up the statement and the plan
has a grace period for payment without imposition of finance
charges, the statement, including a statement provided by electronic
means, must be made available in accordance with the "14-day
rule," requiring mailing or delivery of the statement not later
than 14 days before the end of the grace period.
Provisions pertaining to advertising of credit products should be
carefully applied to an on-line system to ensure compliance with the
regulation. Financial institutions advertising open-end or
closed-end credit products on-line have options. Financial
institutions should ensure that on-line advertising complies with
the regulations. For on-line advertisements that may be deemed to
contain more than a single page, financial institutions should
comply with the regulations, which describe the requirements for
INTERNET SECURITY - We continue covering some of the
issues discussed in the "Risk Management Principles for
Electronic Banking" published by the Basel Committee on Bank
Supervision in May 2001.
Audit Trail Practices for E-Banking Systems
1. Sufficient logs should be maintained for all e-banking
transactions to help establish a clear audit trail and assist in
2. E-banking systems should be designed and installed to capture and
maintain forensic evidence in a manner that maintains control over
the evidence, and prevents tampering and the collection of false
3. In instances where processing systems and related audit trails
are the responsibility of a third-party service provider:
a) The bank
should ensure that it has access to relevant audit trails maintained
by the service provider.
b) Audit trails
maintained by the service provider meet the bank's standards.
PRIVACY EXAMINATION QUESTION
- We continue our series listing the regulatory-privacy
examination questions. When you answer the question each week,
you will help ensure compliance with the privacy regulations.
Annual Privacy Notice
6) Does the institution provide a clear and conspicuous notice
that accurately reflects its privacy policies and practices at least
annually (that is, at least once in any period of 12 consecutive
months) to all customers, throughout the customer relationship?
(Note: annual notices are not required for former
customers. [§5(b)(1)and (2)])