R. Kinney Williams & Associates
R. Kinney Williams
& Associates

Internet Banking News

September 22, 2002

FYI TEXAS STATE CHARTERED FINANCIAL INSTITUTIONS - Consumer Complaint Notices - Regulatory guidance from the Texas Department of Banking regarding consumer complaint notices posting on web sites.  National banks, federal savings banks and federal credit unions acting as agent for a Sale of Check licensee should also comply with the posting requirements of 7 TAC Section 29.21.  http://www.banking.state.tx.us/cb_updates/regguid3005.htm 

FYI -
NCUA - OFAC Changes to the Specially Designated Nationals and Blocked Persons List - On September 6, 2002, the Department of the Treasury’s Office of Foreign Assets Control amended its list of Specially Designated Nationals and Blocked Persons We have enclosed these amendments so you may review your credit union’s accounts for any matching records. www.ncua.gov/ref/reg_alerts/02-RA-10.html

FYI -
Foreign Assets Control Act - Frequently Asked Questions - On September 11, 2002, the Department of the Treasury's Office of Foreign Assets Control  published on its Web site a series of frequently asked questions concerning OFAC regulations, policies and procedures, including questions from financial institutions. www.fdic.gov/news/news/financial/2002/FIL02111.html

FYI -
Specially Designated Nationals and Blocked Persons - On September 6, 2002, the Department of the Treasury's Office of Foreign Assets Control amended its list of Specially Designated Nationals and Blocked Persons by adding the following name to its list of Specially Designated Global Terrorists: www.fdic.gov/news/news/financial/2002/FIL02110.html

INTERNET COMPLIANCE - Disclosures and Notices

Several consumer regulations provide for disclosures and/or notices to consumers. The compliance officer should check the specific regulations to determine whether the disclosures/notices can be delivered via electronic means. The delivery of disclosures via electronic means has raised many issues with respect to the format of the disclosures, the manner of delivery, and the ability to ensure receipt by the appropriate person(s). The following highlights some of those issues and offers guidance and examples that may be of use to institutions in developing their electronic services.

Disclosures are generally required to be "clear and conspicuous." Therefore, compliance officers should review the web site to determine whether the disclosures have been designed to meet this standard. Institutions may find that the format(s) previously used for providing paper disclosures may need to be redesigned for an electronic medium. Institutions may find it helpful to use "pointers " and "hotlinks" that will automatically present the disclosures to customers when selected. A financial institution's use solely of asterisks or other symbols as pointers or hotlinks would not be as clear as descriptive references that specifically indicate the content of the linked material.

INTERNET SECURITY
- We continue our review of the OCC Bulletin about Infrastructure Threats and Intrusion Risks. This week we review Gathering and Retaining Intrusion Information. Particular care should be taken when gathering intrusion information. 

The OCC expects management to clearly assess the tradeoff between enabling an easier recovery by gathering information about an intruder and the risk that an intruder will inflict additional damage while that information is being gathered. Management should establish and communicate procedures and guidelines to employees through policies, procedures, and training. Intrusion evidence should be maintained in a fashion that enables recovery while facilitating subsequent actions by law enforcement. Legal chain of custody requirements must be considered. In general, legal chain of custody requirements address controlling and securing evidence from the time of the intrusion until it is turned over to law enforcement personnel. Chain of custody actions, and those actions that should be guarded against, should be identified and embodied in the bank's policies, procedures, and training.

PRIVACY EXAMINATION QUESTION
- We continue our series listing the regulatory-privacy examination questions.  When you answer the question each week, you will help ensure compliance with the privacy regulations.

35. Does the institution deliver the privacy and opt out notices, including the shortform notice, so that the consumer can reasonably be expected to receive actual notice in writing or, if the consumer agrees, electronically? [§9(a)]

 

PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  

Back Button

Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 

Please visit our other web sites:
VISTA penetration-vulnerability testing
The Community Banker - Bank FFIEC & ADA Web Site Audits
Credit Union FFIEC & ADA Web Site Audits - Bank Auditing Services
US Banks on the Internet  
US Credit Unions on the Internet

All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, © Copyright Yennik, Incorporated