R. Kinney Williams & Associates

Internet Banking News

September 30, 2001

FYI - FinCEN Hotline/Reporting Suspicious Transactions Relating to the Recent Terrorist Attacks - National banks are required to report information concerning known or suspected criminal law violations relating to the recent terrorist attacks to law enforcement authorities by filing Suspicious Activity Reports (SARs) as expeditiously as possible.
Press Release - www.occ.treas.gov/ftp/alert/2001-10.txt
Attachment - www.occ.treas.gov/ftp/alert/2001-10a.pdf

FYI - Terrorist Additions to the OFAC SDN List - The president has issued a new Executive Order targeting terrorists, and a number of new names have been added to OFAC's Specially Designated Nationals List.
News Release - www.occ.treas.gov/ftp/alert/2001-9.txt
Attachment - www.occ.treas.gov/ftp/alert/2001-9a.pdf

FYI - Executive Order Targeting Terrorist Assets - On September 24, 2001, President George W. Bush issued an Executive Order targeting terrorists. As a result, a number of new names have been added to Treasury's Office of Foreign Assets Control (OFAC) Specially Designated Nationals and Blocked Persons list.
http://www.fdic.gov/news/news/financial/2001/fil0185.html


FYI - Financial Institutions Hotline Relating To Terrorist Activity - The Treasury Department's Financial Crimes Enforcement Network has established a FINANCIAL INSTITUTIONS HOTLINE, 1-866-556-3974, for financial institutions to voluntarily report to law enforcement suspicious transactions that may relate to recent terrorist activity against the United States.
www.fdic.gov/news/news/financial/2001/fil0187.html

FYI - Reporting Suspicious Transactions Relating to the Recent Terrorist Attacks to Law Enforcement - Banking organizations supervised by the Federal Reserve and the other federal financial institutions supervisory agencies are required to report information concerning known or suspected criminal law violations relating to the recent terrorist attacks to law enforcement authorities by filing Suspicious Activity Reports as expeditiously as possible.
www.federalreserve.gov/boarddocs/srletters/2001/sr0123.htm

FYI - NCUA Chairman Dennis Dollar issued an NCUA Letter to Credit Unions today upon receiving a formal request for assistance from the Federal Bureau of Investigation (FBI).
www.ncua.gov/news/press_releases/nr092101.html

FYI - The Federal Reserve Board on Friday announced that the Consumer Advisory Council will hold its next meeting on Thursday, October 25, which will cover electronic delivery of disclosures.
www.federalreserve.gov/boarddocs/press/General/2001/20010928/default.htm

INTERNET COMPLIANCE - Flood Disaster Protection Act

The regulation implementing the National Flood Insurance Program requires a financial institution to notify a prospective borrower and the servicer that the structure securing the loan is located or to be located in a special flood hazard area. The regulation also requires a notice of the servicer's identity be delivered to the insurance provider. While the regulation addresses electronic delivery to the servicer and to the insurance provider, it does not address electronic delivery of the notice to the borrower.


INTERNET SECURITY - We continue covering some of the issues discussed in the "Risk Management Principles for Electronic Banking" published by the Basel Committee on Bank Supervision in May 2001.

Risk Management Principles for Electronic Banking

The e-banking risk management principles identified in this Report fall into three broad, and often overlapping, categories of issues. However, these principles are not weighted by order of preference or importance. If only because such weighting might change over time, it is preferable to remain neutral and avoid such prioritization.

A. Board and Management Oversight (Principles 1 to 3): 

1. Effective management oversight of e-banking activities. 
2. Establishment of a comprehensive security control process. 
3. Comprehensive due diligence and management oversight process for outsourcing relationships and other third-party dependencies. 

B. Security Controls (Principles 4 to 10):

4. Authentication of e-banking customers. 
5. Non-repudiation and accountability for e-banking transactions. 
6. Appropriate measures to ensure segregation of duties. 
7. Proper authorization controls within e-banking systems, databases and applications. 
8. Data integrity of e-banking transactions, records, and information. 
9. Establishment of clear audit trails for e-banking transactions. 
10. Confidentiality of key bank information.

C. Legal and Reputational Risk Management (Principles 11 to 14):

11. Appropriate disclosures for e-banking services. 
12. Privacy of customer information. 
13. Capacity, business continuity and contingency planning to ensure availability of e-banking systems and services. 
14. Incident response planning.

Each of the above principles will be covered over the next few weeks, as they relate to e-banking and the underlying risk management principles that should be considered by banks to address these issues.

PRIVACY - We continue covering various issues in the "Privacy of Consumer Financial Information" published by the financial regulatory agencies in May 2001.

Financial Institution Duties (Part 3 of 6)

Requirements for Notices

Clear and Conspicuous. Privacy notices must be clear and conspicuous, meaning they must be reasonably understandable and designed to call attention to the nature and significance of the information contained in the notice. The regulations do not prescribe specific methods for making a notice clear and conspicuous, but do provide examples of ways in which to achieve the standard, such as the use of short explanatory sentences or bullet lists, and the use of plain-language headings and easily readable typeface and type size. Privacy notices also must accurately reflect the institution's privacy practices.

Delivery Rules. Privacy notices must be provided so that each recipient can reasonably be expected to receive actual notice in writing, or if the consumer agrees, electronically. To meet this standard, a financial institution could, for example, (1) hand-deliver a printed copy of the notice to its consumers, (2) mail a printed copy of the notice to a consumer's last known address, or (3) for the consumer who conducts transactions electronically, post the notice on the institution's web site and require the consumer to acknowledge receipt of the notice as a necessary step to completing the transaction.

For customers only, a financial institution must provide the initial notice (as well as the annual notice and any revised notice) so that a customer may be able to retain or subsequently access the notice. A written notice satisfies this requirement. For customers who obtain financial products or services electronically, and agree to receive their notices on the institution's web site, the institution may provide the current version of its privacy notice on its web site.

IN CLOSING - The Internet Banking News will not be published next weekend, October 7. The Internet Banking News will return the weekend of October 14.

 

PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  


Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 
