Internet Banking News

September 5, 1999

1) FRB Press Release dated August 31, 1999, regarding electronic delivery of periodic statements reads - "The Federal Reserve Board today published an interim rule to Regulation DD, which implements the Truth in Savings Act. The rule permits depository institutions to deliver disclosures on periodic statements to a consumer's e-mail account or post them on a web site, if the consumer agrees. The interim rule is effective September 1, 1999. Under an earlier interim rule published by the Board in March 1998, periodic statements and other disclosures required under Regulation E (which implements the Electronic Fund Transfer Act) may be delivered electronically if the consumer agrees. Institutions commonly provide a single periodic statement that complies with Regulations E and DD."


When violations of the consumer protection laws regarding a financial institution's electronic services have been cited, generally the compliance officer has not been involved in the development and implementation of the electronic services. Therefore, it is suggested that management and system designers consult with the compliance officer during the development and implementation stages in order to minimize compliance risk. The compliance officer should ensure that the proper controls are incorporated into the system so that all relevant compliance issues are fully addressed. This level of involvement will help decrease an institution's compliance risk and may prevent the need to delay deployment or redesign programs that do not meet regulatory requirements.

FYI - The role of the Compliance Officer is changing. Compliance Officers must understand the regulations not only as they apply to "brick and mortar banking" but also as they apply to banking on the Internet, since the compliance laws apply to both. The biggest change is that the Compliance Officer will need to understand the programming language of web pages. Understanding web page programming will allow the Compliance Officer to converse with the web page designers and programmers.


A thorough and proactive risk assessment is the first step in establishing a sound security program. This is the ongoing process of evaluating threats and vulnerabilities, and establishing an appropriate risk management program to mitigate potential monetary losses and harm to an institution's reputation. Threats have the potential to harm an institution, while vulnerabilities are weaknesses that can be exploited.

The extent of the information security program should be commensurate with the degree of risk associated with the institution's systems, networks, and information assets. For example, compared to an information-only Web site, institutions offering transactional Internet banking activities are exposed to greater risks. Further, real-time funds transfers generally pose greater risks than delayed or batch-processed transactions because the items are processed immediately. The extent to which an institution contracts with third-party vendors will also affect the nature of the risk assessment program.

FYI - [Company]'s Internet policy should establish procedures that will annually analyze the risks associated with the Internet with special attention to changes made since the last risk assessment review.

ON THE LIGHT SIDE: My neighbor works in the operations department in the central office of a large bank. Employees in the field call him when they have problems with their computers. One night he got a call from a man in one of the branch banks who had this question: "I've got smoke coming from the back of my terminal. Do you guys have a fire downtown?"


Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119



All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, Copyright Yennik, Incorporated