September 22, 2002
FYI -
TEXAS STATE CHARTERED FINANCIAL INSTITUTIONS - Consumer Complaint Notices -
Regulatory guidance from the Texas Department of Banking regarding
the posting of consumer complaint notices on web sites. National banks,
federal savings banks and federal credit unions acting as agent for a Sale
of Check licensee should also comply with the posting requirements of 7
TAC Section 29.21. http://www.banking.state.tx.us/cb_updates/regguid3005.htm
FYI -
NCUA - OFAC Changes to the Specially Designated Nationals and
Blocked Persons List - On September 6, 2002, the Department of the
Treasury’s Office of Foreign Assets Control amended its list of
Specially Designated Nationals and Blocked Persons. We have enclosed
these amendments so you may review your credit union’s accounts
for any matching records. www.ncua.gov/ref/reg_alerts/02-RA-10.html
FYI -
Foreign Assets Control Act - Frequently Asked Questions - On September 11, 2002, the Department of
the Treasury's Office of Foreign Assets Control published on its Web site a series of frequently asked
questions concerning OFAC regulations, policies and procedures,
including questions from financial institutions. www.fdic.gov/news/news/financial/2002/FIL02111.html
FYI -
Specially Designated Nationals and Blocked Persons - On
September 6, 2002, the Department of the Treasury's Office of
Foreign Assets Control amended its list of Specially Designated
Nationals and Blocked Persons by adding the following name to its
list of Specially Designated Global Terrorists: www.fdic.gov/news/news/financial/2002/FIL02110.html
INTERNET COMPLIANCE - Disclosures and Notices
Several consumer regulations provide for disclosures and/or notices
to consumers. The compliance officer should check the specific
regulations to determine whether the disclosures/notices can be
delivered via electronic means. The delivery of disclosures via
electronic means has raised many issues with respect to the format
of the disclosures, the manner of delivery, and the ability to
ensure receipt by the appropriate person(s). The following
highlights some of those issues and offers guidance and examples
that may be of use to institutions in developing their electronic
services.
Disclosures are generally required to be "clear and
conspicuous." Therefore, compliance officers should review the
web site to determine whether the disclosures have been designed to
meet this standard. Institutions may find that the format(s)
previously used for providing paper disclosures may need to be
redesigned for an electronic medium. Institutions may find it
helpful to use "pointers" and "hotlinks" that
will automatically present the disclosures to customers when
selected. A financial institution's use solely of asterisks or other
symbols as pointers or hotlinks would not be as clear as descriptive
references that specifically indicate the content of the linked
material.
INTERNET SECURITY - We continue our review of the
OCC Bulletin about Infrastructure Threats and Intrusion Risks. This
week we review Gathering and Retaining Intrusion Information.
Particular care should be taken when gathering intrusion
information.
The OCC expects management to clearly assess the tradeoff between
enabling an easier recovery by gathering information about an
intruder and the risk that an intruder will inflict additional
damage while that information is being gathered. Management should
establish and communicate procedures and guidelines to employees
through policies, procedures, and training. Intrusion evidence
should be maintained in a fashion that enables recovery while
facilitating subsequent actions by law enforcement. Legal chain of
custody requirements must be considered. In general, legal chain of
custody requirements address controlling and securing evidence from
the time of the intrusion until it is turned over to law enforcement
personnel. Chain of custody actions, and those actions that should
be guarded against, should be identified and embodied in the bank's
policies, procedures, and training.
PRIVACY EXAMINATION QUESTION - We continue our series listing the
regulatory-privacy examination questions. When you answer the question
each week, you will help ensure compliance with the privacy regulations.
35. Does the institution deliver
the privacy and opt out notices, including the short-form notice, so
that the consumer can reasonably be expected to receive actual
notice in writing or, if the consumer agrees, electronically?
[§9(a)]