R. Kinney Williams & Associates
R. Kinney Williams
& Associates

Internet Banking News

March 18, 2001

FYI - March 13, 2001 - The Federal Reserve Board published revisions to Regulation E (Electronic Fund Transfers) Official Staff Commentary, which applies and interprets the requirements of the regulation. The effective date is March 15, 2001 with the mandatory compliance date set at January 1, 2002. www.federalreserve.gov/BoardDocs/Press/boardacts/2001/20010313/  

INTERNET COMPLIANCE - Disclosures/Notices

Several regulations require disclosures and notices to be given at specified times during a financial transaction. For example, some regulations require that disclosures be given at the time an application form is provided to the consumer. In this situation, institutions will want to ensure that disclosures are given to the consumer along with any application form. Institutions may accomplish this through various means, one of which may be through the automatic presentation of disclosures with the application form. Regulations that allow disclosures/notices to be delivered electronically and require institutions to deliver disclosures in a form the customer can keep have been the subject of questions regarding how institutions can ensure that the consumer can "keep" the disclosure. A consumer using certain electronic devices, such as Web TV, may not be able to print or download the disclosure. If feasible, a financial institution may wish to include in its on-line program the ability for consumers to give the financial institution a non-electronic address to which the disclosures can be mailed.

INTERNET SECURITY - Outsourcing information technology services will be a "hot topic" with examiners this year. On this note, we will spend the next few weeks reviewing the FFIEC press release "Risk Management of Outsourced Technology Services."

Purpose and Background

This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the risks associated with outsourcing technology services. Financial institutions should consider the guidance outlined in this statement and the attached appendix in managing arrangements with their technology service providers. While this guidance covers a broad range of issues that financial institutions should address, each financial institution should apply those elements based on the scope and importance of the outsourced services as well as the risk to the institution from the services.

Financial institutions increasingly rely on services provided by other entities to support an array of technology-related functions. While outsourcing to affiliated or nonaffiliated entities can help financial institutions manage costs, obtain necessary expertise, expand customer product offerings, and improve services, it also introduces risks that financial institutions should address. This guidance covers four elements of a risk management process: risk assessment, selection of service providers, contract review, and monitoring of service providers.

FYI - It has come to our attention that the regulators are concerned about the following reported Internet security issues:

The FBI stated that organized hacker groups, primarily from former Soviet countries, are responsible for recent increases in credit card thefts and extortion attempts.

Large Criminal Hacker Attack on Windows NTE-Banking and E-Commerce Sites http://www.sans.org/newlook/alerts/NTE-bank.htm  


PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  

Back Button

Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119


Please visit our other web sites:
VISTA penetration-vulnerability testing
The Community Banker - Bank FFIEC & ADA Web Site Audits
Credit Union FFIEC & ADA Web Site Audits - Bank Auditing Services
US Banks on the Internet  
US Credit Unions on the Internet

All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, Copyright Yennik, Incorporated