Internet Banking News

June 3, 1999

Hot off the press - Banks are required to notify the FDIC within 30 days after entering into an agreement with an Internet transactional web site provider. The FDIC FIL dated June 3, 1999, can be found at http://www.fdic.gov/banknews/fils/1999/fil9949.html. There is also an attracted form that should be completed and mail to the FDIC if you have not already provided the notification.

I have not seen anything from the OCC, but rest assured the same requirements will apply.

The next step for the regulators is to examine the Internet transactional web site providers regarding security, financial stability, penetration testing, any security breeches, contracts, maintenance schedules, etc.

RECOMMENDATION:

You should establish a separate file (just like Y2K) for all materials relating to your transactional web site provider. The file should contain current information about:

1) Due diligence performed before selecting the provider
2) Internet policy and internal control procedures
3) Contact with provider
4) Financial information about the provider
5) Results of the penetration testing performed by the provider
6) Copy of Board minutes relating to Internet activities
7) The providers percentage of down time
8) Insurance coverage both the bank's and the provider's
9) etc.

Back Button

Go to the Bank Web Site Audit home page.

Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 

Please visit our other web sites:
VISTA penetration-vulnerability testing
The Community Banker - Bank FFIEC & ADA Web Site Audits
Credit Union FFIEC & ADA Web Site Audits - Bank Auditing Services
US Banks on the Internet  
US Credit Unions on the Internet

All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, Copyright Yennik, Incorporated