April 1, 2001
INTERNET COMPLIANCE - Electronic Delivery of Federally Mandated
Disclosures
The Federal Reserve Board published interim final rules to establish
uniform standards for the electronic delivery of federally mandated
disclosures under five consumer protection regulations: B (Equal Credit
Opportunity), E (Electronic Fund Transfers), M (Consumer Leasing), Z
(Truth in Lending), and DD (Truth in Savings).
Under the rules, financial institutions, creditors, lessors, and others
may deliver disclosures electronically if they obtain consumers' consent
in accordance with the requirements of the Electronic Signatures in Global
and National Commerce Act (the "E-Sign Act"), enacted in June
2000. The Board's interim rules provide guidance on the timing and
delivery of electronic disclosures, consistent with proposed rules issued
by the Board in August 1999, to ensure consumers have adequate opportunity
to access and retain the information. http://www.federalreserve.gov/BoardDocs/Press/boardacts/2001/20010329/
INTERNET SECURITY - We continue our review of the FFIEC press release
"Risk Management of Outsourced Technology Services."
Due Diligence in Selecting a Service Provider
Once the institution has completed the risk assessment, management
should evaluate service providers to determine their ability, both
operationally and financially, to meet the institution's needs. Management
should convey the institution's needs, objectives, and necessary controls
to the potential service provider. Management also should discuss
provisions that the contract should contain. The appendix to this
statement contains some specific factors for management to consider in
selecting a service provider.
Contract Issues
Contracts between the institution and service provider should take into
account business requirements and key risk factors identified during the
risk assessment and due diligence phases. Contracts should be clearly
written and sufficiently detailed to provide assurances for performance,
reliability, security, confidentiality, and reporting. Management should
consider whether the contract is flexible enough to allow for changes in
technology and the financial institution's operations. Appropriate legal
counsel should review contracts prior to signing.
Institutions may encounter situations where service providers cannot or
will not agree to terms that the institution requests to manage the risk
effectively. Under these circumstances, institutions should either not
contract with that provider or supplement the service provider's
commitments with additional risk mitigation controls.
PRIVACY - Fair Credit Reporting Act
The OCC announced that the Federal banking agencies have stated that any
final Fair Credit Reporting Act (FCRA) rule will not require depository
institutions to revise Gramm-Leach-Bliley Act privacy notices prepared in
reliance on existing FCRA law and delivered to consumers before next
January. http://www.occ.treas.gov/ftp/release/2001-30.txt