March 31, 2002
- Specially Designated Nationals and Blocked Persons - On
March 11, 2002, the Department of the Treasury's Office of Foreign
Assets Control (OFAC) amended its listing of Specially Designated
Nationals and Blocked Persons by adding two names of Specially
Designated Narcotics Traffickers. Their assets must be blocked
FYI - Specially Designated
Nationals and Blocked Persons - On March 15, 2002, the Director
of the Office of Foreign Assets Control authorized address changes
for two entities on OFAC's Specially Designated Nationals and
Blocked Persons list.
COMPLIANCE - Advertisements
Generally, Internet web sites are considered advertising by the
regulatory agencies. In some cases, the regulations contain special
rules for multiple-page advertisements. It is not yet clear what
would constitute a single "page" in the context of the
Internet or on-line text. Thus, institutions should carefully review
their on-line advertisements in an effort to minimize compliance
In addition, Internet or other systems in which a credit application
can be made on-line may be considered "places of business"
under HUD's rules prescribing lobby notices. Thus, institutions may
want to consider including the "lobby notice,"
particularly in the case of interactive systems that accept
INTERNET SECURITY - We continue covering some of the
issues discussed in the "Risk Management Principles for
Electronic Banking" published by the Basel Committee on Bank
Supervision in May 2001.
Practices to Help Maintain the Privacy of Customer E-Banking
1. Banks should employ appropriate cryptographic techniques,
specific protocols or other security controls to ensure the
confidentiality of customer e-banking data.
2. Banks should develop appropriate procedures and controls to
periodically assess its customer security infrastructure and
protocols for e-banking.
3. Banks should ensure that its third-party service providers have
confidentiality and privacy policies that are consistent with their
4. Banks should take appropriate steps to inform e-banking customers
about the confidentiality and privacy of their information. These
steps may include:
website. Clear, concise language in such statements is essential to
Lengthy legal descriptions, while accurate, are likely to go unread
by the majority of customers.
customers on the need to protect their passwords, personal
identification numbers (PINs) and other banking and/or personal
customers with information regarding the general security of their
personal computer, including the benefits of using virus protection
software, physical access controls and personal firewalls for static
PRIVACY EXAMINATION QUESTION
- We continue our series listing the regulatory-privacy
examination questions. When you answer the question each week,
you will help ensure compliance with the privacy regulations.
Annual Privacy Notice
7) Does the institution provide an annual privacy notice to
each customer whose loan the institution owns the right to service?