|
|
Internet Banking News |
|
April 8, 2001 FYI - Suspicious Activity Reports and the Internet A financial institution should report on a SAR any activity that appears to be in violation of the federal computer crime law, 18 U.S.C. Sec. 1030 (Fraud and Related Activity in Connection with Computers). In 1997, The Federal Bureau of Investigation, working with FDIC staff, other federal banking agency representatives and other federal law enforcement agencies, developed a guidance for reporting. http://www.fdic.gov/news/news/financial/1997/fil97124.html#attach. INTERNET COMPLIANCE - "Member FDIC" Logo - When is it required? The FDIC believes that every bank's home page is to some extent an advertisement. Accordingly, bank web site home pages should contain the official advertising statement unless the advertisement is subject to exceptions such as advertisements for loans, securities, trust services and/or radio or television advertisements that do not exceed thirty seconds. Whether subsidiary web pages require the official advertising statement will depend upon the content of the particular page. Subsidiary web pages that advertise deposits must contain the official advertising statement. Conversely, subsidiary web pages that relate to loans do not require the official advertising statement. INTERNET SECURITY - We continue our review of the FFIEC press release "Risk Management of Outsourced Technology Services." Service Provider Oversight Institutions should implement an oversight program to monitor each service provider's controls, condition, and performance. Responsibility for the administration of the service provider relationship should be assigned to personnel with appropriate expertise to monitor and manage the relationship. The number of personnel, functional responsibilities, and the amount of time devoted to oversight activities will depend, in part, on the scope and complexity of the services outsourced. Institutions should document the administration of the service provider relationship. Documenting the process is important for contract negotiations, termination issues, and contingency planning. Summary The board of directors and management are responsible for ensuring adequate risk mitigation practices are in place for effective oversight and management of outsourcing relationships. Financial institutions should incorporate an outsourcing risk management process that includes a risk assessment to identify the institution's needs and requirements; proper due diligence to identify and select a provider; written contracts that clearly outline duties, obligations and responsibilities of the parties involved; and ongoing oversight of outsourcing technology services. |
| PLEASE NOTE: Some of the above links may have expired, especially those from news organizations. We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance. |
