R. Kinney Williams & Associates
R. Kinney Williams
& Associates

Internet Banking News

April 8, 2001

FYI - Suspicious Activity Reports and the Internet

A financial institution should report on a SAR any activity that appears to be in violation of the federal computer crime law, 18 U.S.C. Sec. 1030 (Fraud and Related Activity in Connection with Computers). In 1997, The Federal Bureau of Investigation, working with FDIC staff, other federal banking agency representatives and other federal law enforcement agencies, developed a guidance for reporting. http://www.fdic.gov/news/news/financial/1997/fil97124.html#attach

INTERNET COMPLIANCE - "Member FDIC" Logo - When is it required?

The FDIC believes that every bank's home page is to some extent an advertisement. Accordingly, bank web site home pages should contain the official advertising statement unless the advertisement is subject to exceptions such as advertisements for loans, securities, trust services and/or radio or television advertisements that do not exceed thirty seconds.

Whether subsidiary web pages require the official advertising statement will depend upon the content of the particular page. Subsidiary web pages that advertise deposits must contain the official advertising statement. Conversely, subsidiary web pages that relate to loans do not require the official advertising statement.

INTERNET SECURITY - We continue our review of the FFIEC press release "Risk Management of Outsourced Technology Services."

Service Provider Oversight

Institutions should implement an oversight program to monitor each service provider's controls, condition, and performance. Responsibility for the administration of the service provider relationship should be assigned to personnel with appropriate expertise to monitor and manage the relationship. The number of personnel, functional responsibilities, and the amount of time devoted to oversight activities will depend, in part, on the scope and complexity of the services outsourced. Institutions should document the administration of the service provider relationship. Documenting the process is important for contract negotiations, termination issues, and contingency planning.

Summary

The board of directors and management are responsible for ensuring adequate risk mitigation practices are in place for effective oversight and management of outsourcing relationships. Financial institutions should incorporate an outsourcing risk management process that includes a risk assessment to identify the institution's needs and requirements; proper due diligence to identify and select a provider; written contracts that clearly outline duties, obligations and responsibilities of the parties involved; and ongoing oversight of outsourcing technology services.

 

PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  

Back Button

Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 

Please visit our other web sites:
VISTA penetration-vulnerability testing
The Community Banker - Bank FFIEC & ADA Web Site Audits
Credit Union FFIEC & ADA Web Site Audits - Bank Auditing Services
US Banks on the Internet  
US Credit Unions on the Internet

All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, Copyright Yennik, Incorporated