R. Kinney Williams & Associates

Internet Banking News

December 30, 2001

FYI - Interim Guidance Concerning Correspondent Accounts Established or Maintained for Certain Foreign Banking Institutions - On October 26, 2001, the President signed into law the USA PATRIOT Act (the Act). Title III of the Act makes a number of amendments to the anti-money laundering provisions of the Bank Secrecy Act.  www.fdic.gov/news/news/financial/2001/fil01110.html

FYI - Proposed Check Truncation Act - The Federal Reserve Board has proposed that Congress enact a law that would facilitate check truncation.  www.federalreserve.gov/PaymentSystems/truncation/default.htm

FYI - Delays in Mail Delivery to FDIC Addressees in Washington, DC - Since October 22, 2001, mail service provided by the United States Postal Service to Federal Deposit Insurance Corporation addressees in Washington, DC, has been disrupted, causing delays in mail delivery to the FDIC.
www.fdic.gov/news/news/financial/2001/fil01107.html


INTERNET COMPLIANCE
The Role Of Consumer Compliance In Developing And Implementing Electronic Services from FDIC:

When violations of the consumer protection laws regarding a financial institution's electronic services have been cited, generally the compliance officer has not been involved in the development and implementation of the electronic services.  Therefore, it is suggested that management and system designers consult with the compliance officer during the development and implementation stages in order to minimize compliance risk.  The compliance officer should ensure that the proper controls are incorporated into the system so that all relevant compliance issues are fully addressed.  This level of involvement will help decrease an institution's compliance risk and may prevent the need to delay deployment or redesign programs that do not meet regulatory requirements.

The compliance officer should develop a compliance risk profile as a component of the institution's online banking business and/or technology plan.  This profile will establish a framework from which the compliance officer and technology staff can discuss specific technical elements that should be incorporated into the system to ensure that the online system meets regulatory requirements.  For example, the compliance officer may communicate with the technology staff about whether compliance disclosures/notices on a web site should be indicated or delivered by the use of "pointers" or "hotlinks" to ensure that required disclosures are presented to the consumer.  The compliance officer can also be an ongoing resource to test the system for regulatory compliance.


INTERNET SECURITY
- We continue covering some of the issues discussed in the "Risk Management Principles for Electronic Banking" published by the Basel Committee on Banking Supervision in May 2001.

Principle 5: Banks should ensure that appropriate measures are in place to protect the data integrity of e-banking transactions, records and information.

Data integrity refers to the assurance that information that is in-transit or in storage is not altered without authorization. Failure to maintain the data integrity of transactions, records and information can expose banks to financial losses as well as to substantial legal and reputational risk.

The inherent nature of straight-through processes for e-banking may make programming errors or fraudulent activities more difficult to detect at an early stage. Therefore, it is important that banks implement straight-through processing in a manner that ensures safety and soundness and data integrity.

As e-banking is transacted over public networks, transactions are exposed to the added threat of data corruption, fraud and the tampering of records. Accordingly, banks should ensure that appropriate measures are in place to ascertain the accuracy, completeness and reliability of e-banking transactions, records and information that are either transmitted over the Internet, resident on internal bank databases, or transmitted/stored by third-party service providers on behalf of the bank. Common practices used to maintain data integrity within an e-banking environment include the following:

1)  E-banking transactions should be conducted in a manner that makes them highly resistant to tampering throughout the entire process.

2)  E-banking records should be stored, accessed and modified in a manner that makes them highly resistant to tampering.

3)  E-banking transaction and record-keeping processes should be designed in such a manner as to make it virtually impossible to circumvent detection of unauthorized changes.

4)  Adequate change control policies, including monitoring and testing procedures, should be in place to protect against any e-banking system changes that may erroneously or unintentionally compromise controls or data reliability.

5)  Any tampering with e-banking transactions or records should be detected by transaction processing, monitoring and record keeping functions.


FYI PRIVACY - Frequently Asked Questions for the Privacy Regulation - The Federal Deposit Insurance Corporation is issuing the attached staff guidance to help financial institutions comply with Part 332 of the FDIC Rules and Regulations, "Privacy of Consumer Financial Information."
www.fdic.gov/news/news/financial/2001/fil01106.html


PRIVACY
- We continue covering various issues in the "Privacy of Consumer Financial Information" published by the financial regulatory agencies in May 2001.

Sharing nonpublic personal information with nonaffiliated third parties under Sections 14 and/or 15 and outside of exceptions (with or without also sharing under Section 13). 
(Part 3 of 3)

C. Opt Out Right 

1)  Review the financial institution's opt out notices. An opt out notice may be combined with the institution's privacy notices. Regardless, determine whether the opt out notices:

a.  Are clear and conspicuous (3(b) and 7(a)(1));

b.  Accurately explain the right to opt out (7(a)(1));

c.  Include and adequately describe the three required items of information (the institution's policy regarding disclosure of nonpublic personal information, the consumer's opt out right, and the means to opt out) (7(a)(1)); and

d.  Describe how the institution treats joint consumers (customers and those who are not customers), as applicable (7(d)).

2)  Through discussions with management, review of the institution's policies and procedures, and a sample of electronic or written records where available, determine if the institution has adequate procedures in place to provide the opt out notice and comply with opt out directions of consumers (customers and those who are not customers), as appropriate. Assess the following:

a.  Timeliness of delivery (10(a)(1));

b.  Reasonableness of the method of delivery (e.g., by hand; by mail; electronically, if the consumer agrees; or as a necessary step of a transaction) (9);

c.  Reasonableness of the opportunity to opt out (the time allowed to and the means by which the consumer may opt out) (10(a)(1)(iii), 10(a)(3)); and

d.  Adequacy of procedures to implement and track the status of a consumer's (customers and those who are not customers) opt out direction, including those of former customers (7(e), (f), (g)).

IN CLOSING - We hope you had a wonderful Holiday and that the New Year brings you happiness and prosperity.

 

PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  


Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com
