Internet Banking News
June 3, 1999
Hot off the press - Banks are required to notify the FDIC within 30 days
after entering into an agreement with an Internet transactional web site provider. The
FDIC FIL dated June 3, 1999, can be found at http://www.fdic.gov/banknews/fils/1999/fil9949.html.
There is also an attracted form that should be completed and mail to the FDIC if you have
not already provided the notification.
I have not seen anything from the OCC, but rest assured the same requirements will apply.
The next step for the regulators is to examine the Internet transactional web site
providers regarding security, financial stability, penetration testing, any security
breeches, contracts, maintenance schedules, etc.
RECOMMENDATION:
You should establish a separate file (just like Y2K) for all materials relating to your
transactional web site provider. The file should contain current information about:
1) Due diligence performed before selecting the provider
2) Internet policy and internal control procedures
3) Contact with provider
4) Financial information about the provider
5) Results of the penetration testing performed by the provider
6) Copy of Board minutes relating to Internet activities
7) The providers percentage of down time
8) Insurance coverage both the bank's and the provider's
9) etc. |
