Internet Banking News
July 11, 1999
1) This week the FDIC issued a lengthy paper on Information System
Security Issues. This 16-page document covers the information security program, risk
assessment, vulnerability of assessment tools, penetration analysis, intrusion detection
systems, and incident response. If you have not seen this paper, you will find it at http://www.bankwebsiteaudits.com/documents/fdic7799..htm.
If you like, I will be happy to e-mail you a copy. Please send me an e-mail and indicate
Word or WordPerfect format.
COMMENT: Since Y2K is winding down, Internet security is becoming a big issue with the
bank examiners. Be sure that your Internet policy has a complete section dealing with
security. In addition, you need to perform security checks of your server or your
third-party Internet banking provider at least annually. If I can be of assistance to your bank
by conducting your Internet security review, please give me a call.
2) Expedited Funds Availability Act (Regulation CC) - Generally, the rules pertaining to
the duty of an institution to make deposited funds available for withdrawal apply in the
electronic financial services environment. This includes rules on funds availability
schedules, disclosure of policy, and payment of interest.
Recently, the FRB published a commentary that clarifies requirements for providing certain
written notices or disclosures to customers via electronic means. Specifically, the
commentary to §229.13(g)-1a states that a financial institution satisfies the written
exception hold notice requirement, and the commentary to §229.15(a)-1 states that a
financial institution satisfies the general disclosure requirement by sending an
electronic version that displays the text and is in a form that the customer may keep.
However, the customer must agree to such means of delivery of notices and disclosures.
Information is considered to be in a form that the customer may keep if, for example, it
can be downloaded or printed by the customer. To reduce compliance risk, financial
institutions should test their programs' ability to provide disclosures in a form that can
be downloaded or printed.
COMMENT: When your web page addresses transactional deposit accounts, there should be a
link to your funds availability policy. Section 229.1 can be found at http://www.fdic.gov/lawsregs/rules/7500-13.html#7500.