R. Kinney Williams & Associates
R. Kinney Williams
& Associates

Internet Banking News

June 23, 2002

FYI  - Notice of Proposed Rulemaking--Due-Diligence Anti-Money Laundering Programs for Certain Foreign Accounts - This bulletin transmits a notice of proposed rulemaking published by the U.S. Treasury Department and the Financial Crimes Enforcement Network on May 30 to implement a provision of the USA PATRIOT Act.
Press Release: www.occ.treas.gov/ftp/bulletin/2002-29.txt
Attachment: www.occ.treas.gov/ftp/bulletin/2002-29a.pdf

FYI
 - Forcing Private Industry's Hand to Protect Critical Infrastructure - The Bush administration may consider using "unorthodox" tactics to encourage the private sector to bolster cyber security on the portions of the nation's critical infrastructure it controls. For instance, the administration has been discussing with insurance industry the possibility of writing insurance policies only for those companies whose security meets certain standards. http://www.washingtonpost.com/wp-dyn/articles/A27682-2002Jun10.html 

FYI  - Massachusetts Attorney General Tom Reilly has filed charges against a Middleton, Mass., woman, accusing her of hacking into her former boss's computer system and forwarding confidential e-mails to former co-workers.  http://www.computerworld.com/securitytopics/security/cybercrime/story/0,10801,71972,00.html 

INTERNET COMPLIANCE
Non-Deposit Investment Products

Financial institutions advertising or selling non-deposit investment products on-line should ensure that consumers are informed of the risks associated with non-deposit investment products as discussed in the "Interagency Statement on Retail Sales of Non Deposit Investment Products."  On-line systems should comply with this Interagency Statement, minimizing the possibility of customer confusion and preventing any inaccurate or misleading impression about the nature of the non-deposit investment product or its lack of FDIC insurance.

INTERNET SECURITY
- We continue the series  from the FDIC "Security Risks Associated with the Internet."  While this Financial Institution Letter was published in December 1997, the issues still are relevant.

SECURITY MEASURES


System Architecture and Design 


Measures to address access control and system security start with the appropriate system architecture. Ideally, if an Internet connection is to be provided from within the institution, or a Web site established, the connection should be entirely separate from the core processing system. If the Web site is placed on its own server, there is no direct connection to the internal computer system. However, appropriate firewall technology may be necessary to protect Web servers and/or internal systems. 


Placing a "screening router" between the firewall and other servers provides an added measure of protection, because requests could be segregated and routed to a particular server (such as a financial information server or a public information server). However, some systems may be considered so critical, they should be completely isolated from all other systems or networks.  Security can also be enhanced by sending electronic transmissions from external sources to a machine that is not connected to the main operating system.


PRIVACY EXAMINATION QUESTION
- We continue our series listing the regulatory-privacy examination questions.  When you answer the question each week, you will help ensure compliance with the privacy regulations.

Content of Privacy Notice

18. If the institution, in its privacy policies, reserves the right to disclose nonpublic personal information to nonaffiliated third parties in the future, does the privacy notice include, as applicable, the:

a. categories of nonpublic personal information that the financial institution reserves the right to disclose in the future, but does not currently disclose;  [6(e)(1)] and

b. categories of affiliates or nonaffiliated third parties to whom the financial institution reserves the right in the future to disclose, but to whom it does not currently disclose, nonpublic personal information? [6(e)(2)]

 

PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  

Back Button

Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 

Please visit our other web sites:
VISTA penetration-vulnerability testing
The Community Banker - Bank FFIEC & ADA Web Site Audits
Credit Union FFIEC & ADA Web Site Audits - Bank Auditing Services
US Banks on the Internet  
US Credit Unions on the Internet

All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, Copyright Yennik, Incorporated