January 6, 2002
FYI - Specially Designated Nationals and Blocked Persons - Pursuant
to Section 106 of the USA PATRIOT Act of 2001, the financial assets
of Benevolence International Foundation, Inc. and Global Relief
Foundation, Inc., wherever located, are blocked. Benevolence
International Foundation, Inc. is known to have offices in Illinois
and New Jersey, and Global Relief Foundation, Inc. is known to have
offices in Illinois. www.fdic.gov/news/news/financial/2002/fil0201.html
FYI - Specially Designated
Nationals and Blocked Persons - On December 20, 2001, the Department
of the Treasury's Office of Foreign Assets Control (OFAC) amended
its listing of Specially Designated Nationals and Blocked Persons by
adding five new names of specially designated global terrorists. www.fdic.gov/news/news/financial/2002/fil0202.html
FYI - STOCKHOLM -
Infuriated by deteriorating service and rising charges, many Swedes
have grown tired of big banks and are taking their business to
financial start-ups, some on the Internet, others at the grocery
store. http://news.cnet.com/news/0-1007-200-8333800.html?tag=cd_mh
INTERNET COMPLIANCE - Electronic Delivery of Federally Mandated
Disclosures
The Federal Reserve Board published interim final rules to establish
uniform standards for the electronic delivery of federally mandated
disclosures under five consumer protection regulations: B (Equal
Credit Opportunity), E (Electronic Fund Transfers), M (Consumer
Leasing), Z (Truth in Lending), and DD (Truth in Savings).
Under the rules, financial institutions, creditors, lessors, and
others may deliver disclosures electronically if they obtain
consumers' consent in accordance with the requirements of the
Electronic Signatures in Global and National Commerce Act (the
"E-Sign Act"), enacted in June 2000. The Board's interim
rules provide guidance on the timing and delivery of electronic
disclosures, consistent with proposed rules issued by the Board in
August 1999, to ensure consumers have adequate opportunity to access
and retain the information.
INTERNET SECURITY - We continue covering some of the issues
discussed in the "Risk Management Principles for Electronic
Banking" published by the Basel Committee on Bank Supervision
in May 2001.
Principle 6: Banks should ensure that clear audit trails exist
for all e-banking transactions.
Delivery of financial services over the Internet can make it more
difficult for banks to apply and enforce internal controls and
maintain clear audit trails if these measures are not adapted to an
e-banking environment. Banks are not only challenged to ensure that
effective internal control can be provided in highly automated
environments, but also that the controls can be independently
audited, particularly for all critical e-banking events and
applications.
A bank's internal control environment may be weakened if it is
unable to maintain clear audit trails for its e-banking activities.
This is because much, if not all, of its records and evidence
supporting e-banking transactions are in an electronic format. In
making a determination as to where clear audit trails should be
maintained, the following types of e-banking transactions should be
considered:
1) The opening, modification or closing of a customer’s account.
2) Any transaction with financial consequences.
3) Any authorization granted to a customer to exceed a limit.
4) Any granting, modification or revocation of systems access rights
or privileges.
PRIVACY - We continue covering various issues in the
"Privacy of Consumer Financial Information" published by
the financial regulatory agencies in May 2001.
Sharing nonpublic personal information with nonaffiliated third
parties under Sections 13, 14, and/or 15 but outside of these
exceptions
(Part 1 of 3)
A. Disclosure of Nonpublic Personal Information
1) Select a sample of third party relationships with
nonaffiliated third parties and obtain a sample of data shared
between the institution and the third party. The sample should
include a cross-section of relationships but should emphasize those
that are higher risk in nature as determined by the initial
procedures. Perform the following comparisons to evaluate the
financial institution's compliance with disclosure limitations.
a. Compare the data shared and with whom the data were shared
to ensure that the institution accurately categorized its
information sharing practices and is not sharing nonpublic personal
information outside the exceptions (§§13, 14, 15).
b. Compare the categories of data shared and with whom the
data were shared to those stated in the privacy notice and verify
that what the institution tells consumers in its notices about its
policies and practices in this regard and what the institution
actually does are consistent (§§10, 6).
2) Review contracts with nonaffiliated third parties that
perform services for the financial institution not covered by the
exceptions in section 14 or 15. Determine whether the contracts
adequately prohibit the third party from disclosing or using the
information other than to carry out the purposes for which the
information was disclosed. Note that the "grandfather"
provisions of Section 18 apply to certain of these contracts. (§13(a)).