R. Kinney Williams & Associates
R. Kinney Williams
& Associates

Internet Banking News

August 19, 2001

FYI - Most people feel better giving out their personal information online to traditional banks and other well-known merchants than to portals or their Internet service providers, new research has found.  http://news.cnet.com/news/0-1007-200-6861134.html?tag=mn_hd 

FYI -
FFIEC Guidance on Authentication - The federal banking agencies recently issued the attached guidance for examiners and banking organizations.  The guidance addresses authentication in an electronic banking environment. 
www.federalreserve.gov/boarddocs/SRLETTERS/2001/sr0120.htm

FYI
- Lifting of Mandatory Compliance Date for Interim Rules Amending Regulations B, E, M, Z, and DD - On August 3, 2001, the Federal Reserve Board (FRB) announced it had lifted the October 1, 2001, mandatory compliance date for interim rules governing the electronic delivery of certain consumer disclosures.
www.fdic.gov/news/news/financial/2001/fil0166.html

INTERNET COMPLIANCE
Disclosures/Notices

Several regulations require disclosures and notices to be given at specified times during a financial transaction. For example, some regulations require that disclosures be given at the time an application form is provided to the consumer. In this situation, institutions will want to ensure that disclosures are given to the consumer along with any application form. Institutions may accomplish this through various means, one of which may be through the automatic presentation of disclosures with the application form. Regulations that allow disclosures/notices to be delivered electronically and require institutions to deliver disclosures in a form the customer can keep have been the subject of questions regarding how institutions can ensure that the consumer can "keep" the disclosure. A consumer using certain electronic devices, such as Web TV, may not be able to print or download the disclosure. If feasible, a financial institution may wish to include in its on-line program the ability for consumers to give the financial institution a non-electronic address to which the disclosures can be mailed.

FYI -
INTERNET SECURITY - Business travelers eager to plug their laptop computers into wireless Internet networks cropping up at hotels, airports and coffee shops need to be on guard: Their e-mail and Web browsing can be easily intercepted, security experts warn.  http://news.cnet.com/news/0-1004-200-6853688.html?tag=ch_mh 

INTERNET SECURITY
- We continue covering some of the issues discussed in the "Risk Management Principles for Electronic Banking" published by the Basel Committee on Bank Supervision in May 2001.

Security Controls 

While the Board of Directors has the responsibility for ensuring that appropriate security control processes are in place for e-banking, the substance of these processes needs special management attention because of the enhanced security challenges posed by e-banking. This should include establishing appropriate authorization privileges and authentication measures, logical and physical access controls, adequate infrastructure security to maintain appropriate boundaries and restrictions on both internal and external user activities and data integrity of transactions, records and information. In addition, the existence of clear audit trails for all e-banking transactions should be ensured and measures to preserve confidentiality of key e-banking information should be appropriate with the sensitivity of such information. 

Although customer protection and privacy regulations vary from jurisdiction to jurisdiction, banks generally have a clear responsibility to provide their customers with a level of comfort.  Regarding information disclosures, protection of customer data and business availability that approaches the level they can expect when using traditional banking distribution channels. To minimize legal and reputational risk associated with e-banking activities conducted both domestically and cross-border, banks should make adequate disclosure of information on their web sites and take appropriate measures to ensure adherence to customer privacy requirements applicable in the jurisdictions to which the bank is providing e-banking services.

 

FYI PRIVACY - The "FFIEC InfoBase" was created by the Task Force on Examiner Education to provide field examiners of the five-member financial institution regulatory agencies a fast source of introductory training and basic information on specific topics.  http://www.ffiec.gov/exam/InfoBase/start.htm 

PRIVACY - We continue covering various issues in the "Privacy of Consumer Financial Information" published by the financial regulatory agencies in May 2001.

Opt Out Right and Exceptions:

The Right

Consumers must be given the right to "opt out" of, or prevent, a financial institution from disclosing nonpublic personal information about them to a nonaffiliated third party, unless an exception to that right applies. The exceptions are detailed in sections 13, 14, and 15 of the regulations and described below.

As part of the opt out right, consumers must be given a reasonable opportunity and a reasonable means to opt out. What constitutes a reasonable opportunity to opt out depends on the circumstances surrounding the consumer's transaction, but a consumer must be provided a reasonable amount of time to exercise the opt out right. For example, it would be reasonable if the financial institution allows 30 days from the date of mailing a notice or 30 days after customer acknowledgement of an electronic notice for an opt out direction to be returned. What constitutes a reasonable means to opt out may include check-off boxes, a reply form, or a toll-free telephone number, again depending on the circumstances surrounding the consumer's transaction. It is not reasonable to require a consumer to write his or her own letter as the only means to opt out.

 

PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  

Back Button

Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 

Please visit our other web sites:
VISTA penetration-vulnerability testing
The Community Banker - Bank FFIEC & ADA Web Site Audits
Credit Union FFIEC & ADA Web Site Audits - Bank Auditing Services
US Banks on the Internet  
US Credit Unions on the Internet

All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, Copyright Yennik, Incorporated