R. Kinney Williams & Associates
R. Kinney Williams
& Associates

Internet Banking News

June 16, 2002

FYI - Fedwire and Net Settlement - The Federal Reserve provides the Fedwire funds transfer service and the Fedwire custodial and transfer service for securities. The Federal Reserve also provides a net settlement service. www.federalreserve.gov/paymentsystems/fedwire/default.htm

FYI  - Financial institutions are using sophisticated software to cut off funding to terrorists.  http://www.msnbc.com/news/766013.asp?pne=msn 

FYI - NCUA - Anti-Money Laundering Programs Interim Final Rule Published by FinCEN - NCUA provides this Regulatory Alert to notify you of a recent interim final rule published by the Financial Crimes Enforcement Network, an agency of the Department of the Treasury. www.ncua.gov/ref/reg_alerts/02-RA-04.html

FYI - Specially Designated Nationals and Blocked Persons - On May 31, 2002, the Department of the Treasury's Office of Foreign Assets Control (OFAC) amended its list of Specially Designated Nationals and Blocked Persons by adding seven names, removing one name, and changing information on one name on its list of Specially Designated Narcotics Traffickers. Attached is a copy of the OFAC bulletin announcing the changes. www.fdic.gov/news/news/financial/2002/fil0266.html

FYI - FinCEN Advisory - The Department of the Treasury's Financial Crimes Enforcement Network (FinCEN) published issues 28 through 32 of its FinCEN Advisory in April 2002. Copies are attached for your information. www.fdic.gov/news/news/financial/2002/fil0264.html

INTERNET COMPLIANCE
Fair Housing Act

A financial institution that advertises on-line credit products that are subject to the Fair Housing Act must display the Equal Housing Lender logotype and legend or other permissible disclosure of its nondiscrimination policy if required by rules of the institution's regulator.

Home Mortgage Disclosure Act (Regulation C)

The regulations clarify that applications accepted through electronic media with a video component (the financial institution has the ability to see the applicant) must be treated as "in person" applications. Accordingly, information about these applicants' race or national origin and sex must be collected. An institution that accepts applications through electronic media without a video component, for example, the Internet or facsimile, may treat the applications as received by mail. 

INTERNET SECURITY
- We continue the series  from the FDIC "Security Risks Associated with the Internet."  While this Financial Institution Letter was published in December 1997, the issues still are relevant.

SECURITY MEASURES


Certificate Authorities and Digital Certificates 


Certificate authorities and digital certificates are emerging to further address the issues of authentication, non‑repudiation, data privacy, and cryptographic key management.  A certificate authority (CA) is a trusted third party that verifies the identity of a party to a transaction . To do this, the CA vouches for the identity of a party by attaching the CA's digital signature to any messages, public keys, etc., which are transmitted.  Obviously, the CA must be trusted by the parties involved, and identities must have been proven to the CA beforehand.  Digital certificates are messages that are signed with the CA's private key.  They identify the CA, the represented party, and could even include the represented party's public key. 

The responsibilities of CAs and their position among emerging technologies continue to develop.  They are likely to play an important role in key management by issuing, retaining, or distributing  public/private key pairs. 


Implementation 


The implementation and use of encryption technologies, digital signatures, certificate authorities, and digital certificates can vary.  The technologies and methods can be used individually, or in combination with one another.  Some techniques may merely encrypt data in transit from one location to another.  While this keeps the data confidential during transmission, it offers little in regard to authentication and non-repudiation.  Other techniques may utilize digital signatures, but still require the encrypted submission of sensitive information, like credit card numbers.  Although protected during transmission, additional measures would need to be taken to ensure the sensitive information remains protected once received and stored. 


The protection afforded by the above security measures will be governed by the capabilities of the technologies, the appropriateness of the technologies for the intended use, and the administration of the technologies utilized.  Care should be taken to ensure the techniques  utilized are sufficient to meet the required needs of the institution.  All of the technical and  implementation differences should be explored when determining the most appropriate package.
 

PRIVACY EXAMINATION QUESTION
- We continue our series listing the regulatory-privacy examination questions.  When you answer the question each week, you will help ensure compliance with the privacy regulations.

Content of Privacy Notice

17. Does the institution provide consumers who receive the short-form initial notice with a reasonable means of obtaining the longer initial notice, such as: 

a. a toll-free telephone number that the consumer may call to request the notice;  [6(d)(4)(i)] or

b. for the consumer who conducts business in person at the institution's office, having copies available to provide immediately by hand-delivery?  [6(d)(4)(ii)]

 

PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  

Back Button

Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 

Please visit our other web sites:
VISTA penetration-vulnerability testing
The Community Banker - Bank FFIEC & ADA Web Site Audits
Credit Union FFIEC & ADA Web Site Audits - Bank Auditing Services
US Banks on the Internet  
US Credit Unions on the Internet

All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, Copyright Yennik, Incorporated