August 12, 2001
FYI - In the age of sophisticated Internet, telephone and wireless banking, most
Americans still prefer to bank the old-fashioned way: by walking into a
local branch and talking to a teller, a survey found.
http://news.cnet.com/news/0-1007-200-6817306.html?tag=cd_mh
FYI - Researchers have discovered a way to quickly break
through the security system that protects the leading corporate wireless
networking system, a trade group said Friday.
http://news.cnet.com/news/0-1004-200-6773189.html?tag=ch_mh
FYI - Suspicious Activity Report Database - Board staff
and the Reserve Banks have long recognized that, as part of the Federal
Reserve's on-going supervision of financial institutions, it is necessary
that there be a continuing, thorough and timely review of Suspicious
Activity Reports (SARs).
www.federalreserve.gov/boarddocs/srletters/2001/sr0118.htm
FYI - Draft Check Truncation Act - The Federal Reserve Board staff is
developing a draft law that would facilitate check truncation by removing
several existing legal impediments to the use of electronics in check
processing.
www.federalreserve.gov/PaymentSystems/truncation/draftinfo.htm
INTERNET COMPLIANCE - Non-Deposit Investment Products
Financial institutions advertising or selling non-deposit investment
products on-line should ensure that consumers are informed of the risks
associated with non-deposit investment products as discussed in the
"Interagency Statement on Retail Sales of Non Deposit Investment
Products." On-line systems should comply with this Interagency
Statement, minimizing the possibility of customer confusion and preventing
any inaccurate or misleading impression about the nature of the
non-deposit investment product or its lack of FDIC insurance.
INTERNET SECURITY - We continue covering some of the issues
discussed in the "Risk Management Principles for Electronic
Banking" published by the Basel Committee on Bank Supervision in May
2001.
Board and Management Oversight
Because the Board of Directors and senior management are responsible for
developing the institution’s business strategy and establishing
effective management oversight over risks, they are expected to take an
explicit, informed and documented strategic decision as to whether and how
the bank is to provide e-banking services. The initial decision should
include the specific accountabilities, policies and controls to address
risks, including those arising in a cross-border context. Effective
management oversight is expected to encompass the review and approval of
the key aspects of the bank’s security control process, such as the
development and maintenance of a security control infrastructure that
properly safeguards e-banking systems and data from both internal and
external threats. It also should include a comprehensive process for
managing risks associated with increased complexity of and increasing
reliance on outsourcing relationships and third-party dependencies to
perform critical e-banking functions.
PRIVACY - We continue covering various issues in the
"Privacy of Consumer Financial Information" published by the
financial regulatory agencies in May 2001.
Nonpublic Personal Information:
"Nonpublic personal information" generally is any
information that is not publicly available and that:
1) a consumer provides to a financial institution to obtain a
financial product or service from the institution;
2) results from a transaction between the consumer and the
institution involving a financial product or service; or
3) a financial institution otherwise obtains about a consumer in
connection with providing a financial product or service.
Information is publicly available if an institution has a reasonable basis
to believe that the information is lawfully made available to the general
public from government records, widely distributed media, or legally
required disclosures to the general public. Examples include information
in a telephone book or a publicly recorded document, such as a mortgage or
securities filing.
Nonpublic personal information may include individual items of information
as well as lists of information. For example, nonpublic personal
information may include names, addresses, phone numbers, social security
numbers, income, credit score, and information obtained through Internet
collection devices (i.e., cookies).
There are special rules regarding lists. Publicly available information
would be treated as nonpublic if it were included on a list of consumers
derived from nonpublic personal information. For example, a list of the
names and addresses of a financial institution's depositors would be
nonpublic personal information even though the names and addresses might
be published in local telephone directories because the list is derived
from the fact that a person has a deposit account with an institution,
which is not publicly available information.
However, if the financial institution has a reasonable basis to believe
that certain customer relationships are a matter of public record, then
any list of these relationships would be considered publicly available
information. For instance, a list of mortgage customers where the
mortgages are recorded in public records would be considered publicly
available information. The institution could provide a list of such
customers, and include on that list any other publicly available
information it has about the customers on that list without having to
provide notice or opt out.