R. Kinney Williams & Associates

Internet Banking News

December 16, 2001

FYI - A flaw in the Fleet Credit Card Services online site that could have exposed hundreds of thousands of customer transactions to other Fleet cardholders was repaired over the weekend after a customer went public with the problem.  http://www.pcworld.com/news/article/0,aid,74964,tk,dn121001X,00.asp 

FYI - The Office of the Comptroller of the Currency issued new guidance this week to help examiners and banks understand and manage the risks associated with the merchant processing business.
Press Release - www.occ.treas.gov/ftp/release/2001-102.txt
Attachment - http://www.occ.treas.gov/handbook/merchproc.pdf

FYI - The Federal Reserve Board on Tuesday announced that it has revised its Policy Statement on Payments System Risk (PSR policy).  www.federalreserve.gov/boarddocs/press/boardacts/2001/20011211/default.htm

FYI - Specially Designated Nationals and Blocked Persons - On December 3, 2001, President George W. Bush issued an Executive Order designating two entities as "Persons Who Threaten International Stabilization Efforts in the Western Balkans."  www.fdic.gov/news/news/financial/2001/fil01103.html

INTERNET COMPLIANCE
Reserve Requirements of Depository Institutions (Regulation D)

Pursuant to the withdrawal and transfer restrictions imposed on savings deposits, electronic transfers, electronic withdrawals (paid electronically) or payments to third parties initiated by a depositor from a personal computer are included as a type of transfer subject to the six transaction limit imposed on passbook savings and MMDA accounts.

Institutions also should note that, to the extent stored value or other electronic money represents a demand deposit or transaction account, the provisions of Regulation D would apply to such obligations. 

Consumer Leasing Act (Regulation M)

The regulation provides examples of advertisements that clarify the definition of an advertisement under Regulation M. The term advertisement includes messages inviting, offering, or otherwise generally announcing to prospective customers the availability of consumer leases, whether in visual, oral, print, or electronic media. Included in the examples are on-line messages, such as those on the Internet. Therefore, such messages are subject to the general advertising requirements.

INTERNET SECURITY - We continue covering some of the issues discussed in the "Risk Management Principles for Electronic Banking" published by the Basel Committee on Bank Supervision in May 2001.

Principle 4: Banks should ensure that proper authorization controls and access privileges are in place for e-banking systems, databases and applications.

In order to maintain segregation of duties, banks need to strictly control authorization and access privileges. Failure to provide adequate authorization control could allow individuals to alter their authority, circumvent segregation and gain access to e-banking systems, databases or applications to which they are not privileged.

In e-banking systems, the authorizations and access rights can be established in either a centralized or distributed manner within a bank and are generally stored in databases. The protection of those databases from tampering or corruption is therefore essential for effective authorization control.


FYI - PRIVACY - Privacy of Consumer Financial Information Description: Small Bank Compliance Guide - The OCC has prepared a "Small Bank Compliance Guide" to help community banks comply with the rule implementing the privacy provisions of the Gramm-Leach-Bliley Act.  www.occ.treas.gov/ftp/bulletin/2001-51.txt

FYI - PRIVACY - Guidance on Financial Privacy - Staff of the federal agencies that supervise banks, thrifts, and credit unions today issued guidance to help financial institutions comply with these agencies' consumer privacy regulations.
www.fdic.gov/news/news/press/2001/pr9301.html


PRIVACY - We continue covering various issues in the "Privacy of Consumer Financial Information" published by the financial regulatory agencies in May 2001.

Sharing nonpublic personal information with nonaffiliated third parties under Sections 14 and/or 15 and outside of exceptions (with or without also sharing under Section 13). 
(Part 2 of 3)

B. Presentation, Content, and Delivery of Privacy Notices 

1)  Review the financial institution's initial, annual and revised notices, as well as any short-form notices that the institution may use for consumers who are not customers. Determine whether or not these notices:

a.  Are clear and conspicuous (§§3(b), 4(a), 5(a)(1), 8(a)(1));

b.  Accurately reflect the policies and practices used by the institution (§§4(a), 5(a)(1), 8(a)(1)). Note, this includes practices disclosed in the notices that exceed regulatory requirements; and

c.  Include, and adequately describe, all required items of information and contain examples as applicable (§6). Note that if the institution shares under Section 13 the notice provisions for that section shall also apply.

2)  Through discussions with management, review of the institution's policies and procedures, and a sample of electronic or written consumer records where available, determine if the institution has adequate procedures in place to provide notices to consumers, as appropriate. Assess the following:

a.  Timeliness of delivery (§§4(a), 7(c), 8(a)); and

b.  Reasonableness of the method of delivery (e.g., by hand; by mail; electronically, if the consumer agrees; or as a necessary step of a transaction) (§9).

c.  For customers only, review the timeliness of delivery (§§4(d), 4(e), 5(a)), means of delivery of annual notice (§9(c)), and accessibility of or ability to retain the notice (§9(e)).

IN CLOSING - Since next weekend is the beginning of the Holiday season, we will not publish the Internet Banking News.  The next edition of the Internet Banking News will be December 30, 2001.

 

PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  


Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 


All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, © Copyright Yennik, Incorporated