May 19, 2002
FYI - OCC Issues Final Rule on Electronic Banking -
The Office of the Comptroller of the Currency published a final rule today
that will facilitate the use of electronic technologies by national banks,
consistent with safety and soundness.
Attachment: www.occ.treas.gov/ftp/release/2002-44.txt
Attachment: www.occ.treas.gov/ftp/release/2002-44a.pdf
FYI - Specially Designated Nationals and Blocked Persons -
On May 3, 2002, Treasury's Office of Foreign Assets Control (OFAC)
amended its list of Specially Designated Nationals and Blocked Persons
by adding nine names of Specially Designated Global Terrorists. Assets
belonging to these individuals and entities must be blocked immediately.
www.fdic.gov/news/news/financial/2002/fil0246.html
FYI - Financial Action Task Force
Guidance for Financial Institutions in Detecting Terrorist Financing -
This advisory letter transmits the Financial Action Task Force's (FATF)
"Guidance for Financial Institutions in Detecting Terrorist
Financing," dated April 24, 2002. www.occ.treas.gov/ftp/advisory/2002-4.txt
FATF web site http://www1.oecd.org/fatf/
FYI - The Justice Department is investigating a group
of the world's largest banks for allegedly using their online
trading service to restrict competition in the foreign-currency
market, a report Wednesday said.
http://news.com.com/2100-1017-913934.html?tag=cd_mh
INTERNET COMPLIANCE - Reserve Requirements of Depository
Institutions (Regulation D)
Pursuant to the withdrawal and transfer restrictions imposed on
savings deposits, electronic transfers, electronic withdrawals (paid
electronically) or payments to third parties initiated by a
depositor from a personal computer are included as a type of
transfer subject to the six-transaction limit imposed on passbook
savings and MMDA accounts.
Institutions also should note that, to the extent stored value or
other electronic money represents a demand deposit or transaction
account, the provisions of Regulation D would apply to such
obligations.
Consumer Leasing Act (Regulation M)
The regulation provides examples of advertisements that clarify the
definition of an advertisement under Regulation M. The term
advertisement includes messages inviting, offering, or otherwise
generally announcing to prospective customers the availability of
consumer leases, whether in visual, oral, print, or electronic
media. Included in the examples are on-line messages, such as those
on the Internet. Therefore, such messages are subject to the general
advertising requirements.
INTERNET SECURITY - We continue the series
from the FDIC "Security Risks Associated with the Internet."
While this Financial Institution Letter was published in
December 1997, the issues still are relevant.
Utilization of the Internet presents numerous issues and risks which
must be addressed. While many aspects of system performance will
present additional challenges to the bank, some will be beyond the
bank's control. The reliability of the Internet continues to
improve, but situations including delayed or misdirected
transmissions and operating problems involving Internet Service
Providers (ISPs) could also have an effect on related aspects of the
bank's business.
The risks will not remain static. As technologies evolve, security
controls will improve; however, so will the tools and methods used
by others to compromise data and systems. Comprehensive security
controls must not only be implemented, but also updated to guard
against current and emerging threats. Security controls that address
the risks will be presented over the next few weeks.
SECURITY MEASURES
The FDIC paper discusses the primary interrelated technologies,
standards, and controls that presently exist to manage the risks of
data privacy and confidentiality, data integrity, authentication,
and non-repudiation.
Encryption, Digital Signatures, and Certificate Authorities
Encryption techniques directly address the security issues
surrounding data privacy, confidentiality, and data integrity.
Encryption technology is also employed in digital signature
processes, which address the issues of authentication and
non-repudiation. Certificate authorities and digital certificates
are emerging to address security concerns, particularly in the area
of authentication. The function of and the need for encryption,
digital signatures, certificate authorities, and digital certificates
differ depending on the particular security issues presented by the
bank's activities. The technologies, implementation standards, and
the necessary legal infrastructure continue to evolve to address the
security needs posed by the Internet and electronic commerce.
PRIVACY EXAMINATION QUESTION - We continue our series listing the
regulatory-privacy examination questions. When you answer the question
each week, you will help ensure compliance with the privacy regulations.
Content of Privacy Notice
13. If the institution does not
disclose nonpublic personal information, and does not reserve the
right to do so, other than under exceptions in §14 and §15, does
the institution provide a simplified privacy notice that contains at
a minimum:
a. a statement to this effect;
b. the categories of nonpublic personal information it collects;
c. the policies and practices the institution uses to protect the
confidentiality and security of nonpublic personal information; and
d. a general statement that the institution makes disclosures to
other nonaffiliated third parties as permitted by law? [§6(c)(5)]
(Note: use of this type of simplified notice is optional; an
institution may always use a full notice.)