R. Kinney Williams & Associates
R. Kinney Williams
& Associates

Internet Banking News

October 14, 2001

FYI - An online gift certificate company said a hacker that blackmailed it for weeks after pilfering its customer information has apparently carried out threats of disclosing the data to its customers. 
http://news.cnet.com/news/0-1007-200-7495034.html?tag=mn_hd 

FYI TECHNOLOGY RISK
- In a speech
before the FFIEC Risk Management Planning Seminar San Francisco on October 11, 2001, FDIC Chairman Don Powell stated in part:

"The transformation to a digital world is altering both the nature of risk and its impact. Our growing reliance on technologies, particularly Internet technologies, exposes banks to the ultimate risks - that the technologies are disrupted and criminals misuse them.

We've always understood that these networks are one of the battlegrounds on which terrorists will engage us. But now we understand just how much damage these terrorists are prepared to do.

So we need to do whatever it takes to stay on top of security and our vendor relationships. We must protect our part of the infrastructure, because as banks increase their dependence on new technologies, the consequences of an interruption of these services can become quite severe.

Also, as new products become available, banks should carefully plan the implementation of new technologies and fully understand the risks they present."

FYI - Due to heightened security concerns, FFIEC is changing the mailing addresses for all CRA and HMDA data submissions effective immediately.  www.ffiec.gov/cra/memo101101.htm

INTERNET COMPLIANCE
Advertisement Of Membership

The FDIC and NCUA consider every insured depository institution's online system top-level page, or "home page", to be an advertisement. Therefore, according to these agencies' interpretation of their rules, financial institutions subject to the regulations should display the official advertising statement on their home pages unless subject to one of the exceptions described under the regulations. Furthermore, each subsidiary page of an online system that contains an advertisement should display the official advertising statement unless subject to one of the exceptions described under the regulations. Additional information about the FDIC's interpretation can be found in the Federal Register, Volume 62, Page 6145, dated February 11, 1997.

INTERNET SECURITY - We continue covering some of the issues discussed in the "Risk Management Principles for Electronic Banking" published by the Basel Committee on Bank Supervision in May 2001.

Board and Management Oversight
 

The Board of Directors and senior management are responsible for developing the banking institution's business strategy. An explicit strategic decision should be made as to whether the Board wishes the bank to provide e-banking transactional services before beginning to offer such services. Specifically, the Board should ensure that e-banking plans are clearly integrated within corporate strategic goals, a risk analysis is performed of the proposed e-banking activities, appropriate risk mitigation and monitoring processes are established for identified risks, and ongoing reviews are conducted to evaluate the results of e-banking activities against the institution's business plans and objectives.

In addition, the Board and senior management should ensure that the operational and security risk dimensions of the institution's e-banking business strategies are appropriately considered and addressed. The provision of financial services over the Internet may significantly modify and/or even increase traditional banking risks (e.g. strategic, reputational, operational, credit and liquidity risk). Steps should therefore be taken to ensure that the bank's existing risk management processes, security control processes, due diligence and oversight processes for outsourcing relationships are appropriately evaluated and modified to accommodate e-banking services.

PRIVACY - We continue covering various issues in the "Privacy of Consumer Financial Information" published by the financial regulatory agencies in May 2001.

Financial Institution Duties
( Part 4 of 6)

Requirements for Notices
(continued)

Notice Content. A privacy notice must contain specific disclosures. However, a financial institution may provide to consumers who are not customers a "short form" initial notice together with an opt out notice stating that the institution's privacy notice is available upon request and explaining a reasonable means for the consumer to obtain it. The following is a list of disclosures regarding nonpublic personal information that institutions must provide in their privacy notices, as applicable:

1)  categories of information collected;

2)  categories of information disclosed;

3)  categories of affiliates and nonaffiliated third parties to whom the institution may disclose information;

4)  policies with respect to the treatment of former customers' information;

5)  information disclosed to service providers and joint marketers (Section 13);

6)  an explanation of the opt out right and methods for opting out;

7)  any opt out notices the institution must provide under the Fair Credit Reporting Act with respect to affiliate information sharing;

8)  policies for protecting the security and confidentiality of information; and

9)  a statement that the institution makes disclosures to other nonaffiliated third parties as permitted by law (Sections 14 and 15).

 

PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  

Back Button

Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 

Please visit our other web sites:
VISTA penetration-vulnerability testing
The Community Banker - Bank FFIEC & ADA Web Site Audits
Credit Union FFIEC & ADA Web Site Audits - Bank Auditing Services
US Banks on the Internet  
US Credit Unions on the Internet

All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, Copyright Yennik, Incorporated