R. Kinney Williams & Associates

Internet Banking News

June 2, 2002

FYI  - International Comparisons of Productivity Growth: The Role of Information Technology and Regulatory Practices - While information technologies (IT) are credited with the recent acceleration in productivity in the United States, many other industrial countries have not experienced a pickup in productivity growth. www.federalreserve.gov/pubs/ifdp/2002/727/default.htm

FYI - Specially Designated Nationals and Blocked Persons - On May 15, 2002, the Department of the Treasury's Office of Foreign Assets Control (OFAC) amended its list of Specially Designated Nationals and Blocked Persons by adding updated "a.k.a" information to the list of Specially Designated Global Terrorists. www.fdic.gov/news/news/financial/2002/fil0251.html

INTERNET COMPLIANCE
The Role Of Consumer Compliance In Developing And Implementing Electronic Services from FDIC:

When violations of the consumer protection laws regarding a financial institution's electronic services have been cited, generally the compliance officer has not been involved in the development and implementation of the electronic services.  Therefore, it is suggested that management and system designers consult with the compliance officer during the development and implementation stages in order to minimize compliance risk.  The compliance officer should ensure that the proper controls are incorporated into the system so that all relevant compliance issues are fully addressed.  This level of involvement will help decrease an institution's compliance risk and may prevent the need to delay deployment or redesign programs that do not meet regulatory requirements.

The compliance officer should develop a compliance risk profile as a component of the institution's online banking business and/or technology plan.  This profile will establish a framework from which the compliance officer and technology staff can discuss specific technical elements that should be incorporated into the system to ensure that the online system meets regulatory requirements.  For example, the compliance officer may communicate with the technology staff about whether compliance disclosures/notices on a web site should be indicated or delivered by the use of "pointers" or "hotlinks" to ensure that required disclosures are presented to the consumer.  The compliance officer can also be an ongoing resource to test the system for regulatory compliance.


INTERNET SECURITY
- We continue the series from the FDIC "Security Risks Associated with the Internet."  While this Financial Institution Letter was published in December 1997, the issues are still relevant.

SECURITY MEASURES

Encryption 


Encryption, or cryptography, is a method of converting information to an unintelligible code.  The process can then be reversed, returning the information to an understandable form. The information is encrypted (encoded) and decrypted (decoded) by what are commonly referred to as "cryptographic keys." These "keys" are actually values, used by a mathematical algorithm to transform the data. The effectiveness of encryption technology is determined by the strength of the algorithm, the length of the key, and the appropriateness of the encryption system selected.


Because encryption renders information unreadable to any party without the ability to decrypt it, the information remains private and confidential, whether being transmitted or stored on a system. Unauthorized parties will see nothing but an unorganized assembly of characters.  Furthermore, encryption technology can provide assurance of data integrity as some algorithms offer protection against forgery and tampering. The ability of the technology to protect the information requires that the encryption and decryption keys be properly managed by authorized parties.


PRIVACY EXAMINATION QUESTION
- We continue our series listing the regulatory-privacy examination questions.  When you answer the question each week, you will help ensure compliance with the privacy regulations.

Content of Privacy Notice

14. Does the institution describe the following about its policies and practices with respect to protecting the confidentiality and security of nonpublic personal information:

a. who is authorized to have access to the information; and [§6(c)(6)(i)]

b. whether security practices and policies are in place to ensure the confidentiality of the information in accordance with the institution’s policy?  [§6(c)(6)(ii)]

(Note: the institution is not required to describe technical information about the safeguards used in this respect.)

IN CLOSING
The Vulnerability Internet Security Test Audit (VISTA) is an independent security test of Yennik, Inc.'s network connection to the Internet against unauthorized external intrusion.  While your Network Administrator or systems consultants probably perform a vulnerability scan, the scan would not be considered independent since they developed and maintain your Internet security.  An independent vulnerability test is required in most cases by your regulator, the Gramm-Leach-Bliley Act, and best practices.  Before your next IT examination, visit http://www.internetbankingaudits.com/ for more information and to schedule your independent vulnerability security scan.

 

PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  


Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 


All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, © Copyright Yennik, Incorporated