March 10, 2002
FYI - A Supervisory Perspective on Disaster Recovery and Business Continuity, from Vice Chairman Roger W. Ferguson, Jr., before the Institute of International Bankers.
www.federalreserve.gov/boarddocs/speeches/2002/20020304/default.htm
FYI - Specially Designated Nationals and Blocked Persons - On February 26, 2002, the Department of the Treasury's Office of Foreign Assets Control amended its listing of Specially Designated Nationals and Blocked Persons by adding 21 names to its list of Specially Designated Global Terrorists.
http://www.fdic.gov/news/news/financial/2002/fil0222.html
FYI - Specially Designated Nationals and Blocked Persons - On February 12, 2002, the Department of the Treasury's Office of Foreign Assets Control (OFAC) amended its listing of Specially Designated Nationals and Blocked Persons by removing three names.
www.fdic.gov/news/news/financial/2002/fil0220.html
INTERNET COMPLIANCE - Equal Credit Opportunity Act (Regulation B)
The regulations clarify the rules concerning the taking of credit applications by specifying that application information entered directly into and retained by a computerized system qualifies as a written application under this section. If an institution makes credit application forms available through its on-line system, it must ensure that the forms satisfy the requirements.
The regulations also clarify the regulatory requirements that apply when an institution takes loan applications through electronic media. If an applicant applies through an electronic medium (for example, the Internet or a facsimile) without video capability that allows employees of the institution to see the applicant, the institution may treat the application as if it were received by mail.
INTERNET SECURITY - We continue covering some of the issues discussed in the "Risk Management Principles for Electronic Banking" published by the Basel Committee on Bank Supervision in May 2001.
Sound Practices for Managing Outsourced E-Banking Systems and Services (Part 3 of 3)
4. Banks should ensure that periodic independent internal and/or external audits are conducted of outsourced operations to at least the same scope required if such operations were conducted in-house.
a) For outsourced relationships involving critical or technologically complex e-banking services/applications, banks may need to arrange for other periodic reviews to be performed by independent third parties with sufficient technical expertise.
5. Banks should develop appropriate contingency plans for outsourced e-banking activities.
a) Banks need to develop and periodically test their contingency plans for all critical e-banking systems and services that have been outsourced to third parties.
b) Contingency plans should address credible worst-case scenarios for providing continuity of e-banking services in the event of a disruption affecting outsourced operations.
c) Banks should have an identified team that is responsible for managing recovery and assessing the financial impact of a disruption in outsourced e-banking services.
6. Banks that provide e-banking services to third parties should ensure that their operations, responsibilities, and liabilities are sufficiently clear so that serviced institutions can adequately carry out their own effective due diligence reviews and ongoing oversight of the relationship.
a) Banks have a responsibility to provide serviced institutions with information necessary to identify, control and monitor any risks associated with the e-banking service arrangement.
PRIVACY EXAMINATION QUESTION - We continue our series listing the regulatory-privacy examination questions. When you answer the question each week, you will help ensure compliance with the privacy regulations.
Initial Privacy Notice
4) Does the institution provide initial notice after establishing a customer relationship only if:
a. the customer relationship is not established at the customer's election; [§4(e)(1)(i)] or
b. to do otherwise would substantially delay the customer's transaction (e.g., in the case of a telephone application), and the customer agrees to the subsequent delivery? [§4(e)(1)(ii)]
VISTA - The Vulnerability Internet Security Test Audit is an affordable means of testing the security of your institution's network connection to the Internet against unauthorized intrusion. The VISTA starts at $1,500 and includes a 30-day follow-up scan at no additional charge. In most cases, this vulnerability test is required by your regulator. Please visit http://www.internetbankingaudits.com/ for more information and to arrange your vulnerability test before your next IT examination. I personally review the VISTA results and issue an audit letter to your Board certifying these results.