R. Kinney Williams & Associates
R. Kinney Williams
& Associates

Internet Banking News

November 3, 2002

FYI  - GAO report on Employee Privacy: Computer-Use Monitoring Practices and Policies of Selected Companies.  GAO-02-717  http://www.gao.gov/cgi-bin/getrpt?GAO-02-717 

FYI  - Basel Committee Report on "Management and Supervision of Cross-Border Electronic Banking Activities," which is a follow-up to the OCC's
"Risk Management Principles for E-Banking" released in May 2001.  http://www.occ.treas.gov/netbank/bcbs93.pdf 

FYI  - FBI Struggling to Stop Cybercrime - Failure to report known or suspected incidents is hindering the government's ability to keep the Internet safe, FBI says.  http://www.pcworld.com/news/article/0,aid,106580,tk,dn110102X,00.asp

The Sarbanes-Oxley Act of 2002 - The recently enacted Sarbanes-Oxley Act of 2002 includes provisions addressing audits, financial reporting and disclosure, conflicts of interest, and corporate governance at public companies. www.federalreserve.gov/boarddocs/srletters/2002/sr0220.htm 

FYI - U.S. Department of Treasury FinCEN Patriot Act Communication System - This advisory letter transmits a U.S. Department of Treasury, Financial Crimes Enforcement Network news release, dated October 1, 2002.  The attached news release announces FinCEN’s new electronic communications system, the Patriot Act Communication System Press Release: www.occ.treas.gov/ftp/advisory/2002-8.txt
Attachment: http://www.fincen.gov/newsreleasepacs10012002.pdf

FYI - You may dread monthly bills in the mailbox, but consider them a perk. Some companies are charging for them.  http://www.nytimes.com/2002/10/29/technology/29BILL.html?ex=1036558800 

- Wireless Security - Collaboration is key in the rapid-paced and increasingly connected business world. At many companies, that means giving employees the technology tools they need and creating ways for them to work together seamlessly.  http://www.theiia.org/itaudit/index.cfm?fuseaction=forum&fid=501 

FYI - A report released Wednesday by congressional investigators found government agencies frequently share information gleaned from various federal applications - sometimes without the applicant's knowledge of where it might go. And it's legal.  http://www.salon.com/tech/wire/2002/10/31/personal_data/index.html?x 

Electronic Delivery of Federally Mandated Disclosures

The Federal Reserve Board published interim final rules to establish uniform standards for the electronic delivery of federally mandated disclosures under five consumer protection regulations: B (Equal Credit Opportunity), E (Electronic Fund Transfers), M (Consumer Leasing), Z (Truth in Lending), and DD (Truth in Savings).

Under the rules, financial institutions, creditors, lessors, and others may deliver disclosures electronically if they obtain consumers' consent in accordance with the requirements of the Electronic Signatures in Global and National Commerce Act (the "E-Sign Act"), enacted in June 2000. The Board's interim rules provide guidance on the timing and delivery of electronic disclosures, consistent with proposed rules issued by the Board in August 1999, to ensure consumers have adequate opportunity to access and retain the information.

We continue our review of the FDIC paper "Risk Assessment Tools and Practices or Information System Security." 

To ensure the security of information systems and data, financial institutions should have a sound information security program that identifies, measures, monitors, and manages potential risk exposure. Fundamental to an effective information security program is ongoing risk assessment of threats and vulnerabilities surrounding networked and/or Internet systems. Institutions should consider the various measures available to support and enhance information security programs. The appendix to this paper describes certain vulnerability assessment tools and intrusion detection methods that can be useful in preventing and identifying attempted external break-ins or internal misuse of information systems. Institutions should also consider plans for responding to an information security incident.

- We continue our series listing the regulatory-privacy examination questions.  When you answer the question each week, you will help ensure compliance with the privacy regulations.

40.  Does the institution provide at least one initial, annual, and revised notice, as applicable, to joint consumers? [§9(g)]

IN CLOSING - The Gramm-Leach-Bliley Act, best practices, and examiners recommend a penetration study of your Internet  connection.   The Vulnerability Internet Security Test Audit (VISTA) is an independent penetration study of {custom4}'s network connection to the Internet that meets the regulatory requirements.  As professional IT auditors, we provide an independent review of the vulnerability test results and an audit letter to your Board of Directors certifying the test results.  For answer to your questions about vulnerability testing go to https://internetbankingaudits.com/frequently_asked_questions.htm


PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  

Back Button

Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119


Please visit our other web sites:
VISTA penetration-vulnerability testing
The Community Banker - Bank FFIEC & ADA Web Site Audits
Credit Union FFIEC & ADA Web Site Audits - Bank Auditing Services
US Banks on the Internet  
US Credit Unions on the Internet

All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, © Copyright Yennik, Incorporated