R. Kinney Williams & Associates
R. Kinney Williams
& Associates

Internet Banking News

April 7, 2002

FYI - E-Insurance for the Digital Age - Big insurers are now offering policies against hacks, viruses, and stolen data. They may also set security standards.  http://www.businessweek.com/bwdaily/dnflash/apr2002/nf2002042_8163.htm 

INTERNET COMPLIANCE
Record Retention

Record retention provisions apply to electronic delivery of disclosures to the same extent required for non-electronic delivery of information. For example, if the web site contains an advertisement, the same record retention provisions that apply to paper-based or other types of advertisements apply. Copies of such advertisements should be retained for the time period set out in the relevant regulation. Retention of electronic copies is acceptable.


INTERNET SECURITY
- We conclude our coverage of the issues discussed in the "Risk Management Principles for Electronic Banking" published by the Basel Committee on Bank Supervision in May 2001.

Sound Capacity, Business Continuity and Contingency Planning Practices for E-Banking


1. All e-banking services and applications, including those provided by third-party service providers, should be identified and assessed for criticality.

2. A risk assessment for each critical e-banking service and application, including the potential implications of any business disruption on the bank's credit, market, liquidity, legal, operational and reputation risk should be conducted.

3. Performance criteria for each critical e-banking service and application should be established, and service levels should be monitored against such criteria.  Appropriate measures should be taken to ensure that e-banking systems can handle high and low transaction volume and that systems performance and capacity is consistent with the bank's expectations for future growth in e-banking.

4. Consideration should be given to developing processing alternatives for managing demand when e-banking systems appear to be reaching defined capacity checkpoints.

5. E-banking business continuity plans should be formulated to address any reliance on third-party service providers and any other external dependencies required achieving recovery.


6. E-banking contingency plans should set out a process for restoring or replacing e-banking processing capabilities, reconstructing supporting transaction information, and include measures to be taken to resume availability of critical e-banking systems and applications in the event of a business disruption.

PRIVACY EXAMINATION QUESTION
- We continue our series listing the regulatory-privacy examination questions.  When you answer the question each week, you will help ensure compliance with the privacy regulations.

Content of Privacy Notice
 

8)  Do the initial, annual, and revised privacy notices include each of the following, as applicable:  (Part 1 of 2)

a)  the categories of nonpublic personal information that the institution collects; [6(a)(1)]

b)  the categories of nonpublic personal information that the institution discloses; [6(a)(2)]

c)  the categories of affiliates and nonaffiliated third parties to whom the institution discloses nonpublic personal information, other than parties to whom information is disclosed under an exception in 14 or 15; [6(a)(3)]

d)  the categories of nonpublic personal information disclosed about former customers, and the categories of affiliates and nonaffiliated third parties to whom the institution discloses that information, other than those parties to whom the institution discloses information under an exception in 14 or 15; [6(a)(4)]

IN CLOSING - The Vulnerability Internet Security Test Audit is an affordable means of testing the security of Yennik, Inc.'s network connection to the Internet against unauthorized intrusion.  In most cases, this vulnerability test is required by your  regulator.  Please visit http://www.internetbankingaudits.com/ for more information and to arrange your vulnerability test before your next IT examination.  With over 30 year experience (which includes 20 years as a bank examiner) auditing IT departments of financial institutions, I personally review the test results, discuss the finding with your network administrator, and issue an audit letter to your Board certifying the results.

 

PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  

Back Button

Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 

Please visit our other web sites:
VISTA penetration-vulnerability testing
The Community Banker - Bank FFIEC & ADA Web Site Audits
Credit Union FFIEC & ADA Web Site Audits - Bank Auditing Services
US Banks on the Internet  
US Credit Unions on the Internet

All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, Copyright Yennik, Incorporated