The Federal Reserve Board on Friday approved final rules to implement new risk-based capital requirements in the United States for large, internationally active banking organizations. The new advanced capital adequacy framework, known as Basel II, more closely aligns regulatory capital requirements with actual risks and should further strengthen banking organizations’ risk-management practices.
The federal financial institution regulatory agencies and the Federal Trade Commission have sent to the Federal Register for publication final rules on identity theft “red flags” and address discrepancies. The final rules implement sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003. The final rules require each financial institution and creditor that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement an Identity Theft Prevention Program (Program) for combating identity theft
The federal financial regulatory agencies issued final rules today that provide consumers with an opportunity to "opt out" before a financial institution uses information provided by an affiliated company to market its products and services to the consumer. The final rules on affiliate marketing implement section 214 of the Fair and Accurate Credit Transactions Act of 2003, which amends the Fair Credit Reporting Act (FCRA).
Consumers need to keep five tips in mind for managing their checking accounts and safeguarding their funds from unauthorized transfers by criminals, according to a new Federal Reserve Board publication.
The Securities and Exchange Commission (SEC) and Board of Governors of the Federal Reserve System (Board) on Monday announced the adoption of final joint rules to implement the “broker” exceptions for banks under Section 3(a)(4) of the Securities Exchange Act of 1934. These exceptions were adopted as part of the Gramm-Leach-Bliley Act of 1999 (GLB Act). The SEC and the Board approved the final rules at separate open meetings held on September 19, 2007, and September 24, 2007, respectively.
The federal bank and thrift agencies issued final rules on Friday expanding the range of small institutions eligible for an extended 18-month on-site examination cycle. The final rules allow well-capitalized and well-managed banks and savings associations with up to $500 million in total assets and a composite CAMELS rating of 1 or 2 to qualify for an 18-month (rather than a 12-month) on-site examination cycle.
The Federal Reserve, the Office of the Comptroller of the Currency, the Office of Thrift Supervision and the Federal Deposit Insurance Corporation reached an agreement today regarding the implementation of Basel II in the United States. The agreement resolves major outstanding issues and will now lead to finalization of a rule implementing the advanced approaches for computing large banks' risk-based capital requirements.
The federal financial regulatory agencies on Thursday issued a statement setting forth the agencies’ policy for enforcing specific anti-money laundering requirements of the Bank Secrecy Act (BSA). The purpose of the Interagency Statement on Enforcement of Bank Secrecy Act/Anti-Money Laundering Requirements is to provide greater consistency among the agencies in enforcement decisions in BSA matters and to offer insight into the considerations that form the basis of those decisions. The applicable statutes provide that if a regulated institution fails to establish and maintain a BSA compliance program or fails to correct a previously identified problem with its BSA compliance program, the appropriate agency shall issue a formal cease and desist order. The statement, which reflects the agencies’ current practices on enforcement with respect to BSA compliance, describes the circumstances under which the agencies will issue a cease and desist order in compliance with these statutory provisions. The statement also makes clear that the agencies may take formal or informal enforcement actions to address other concerns related to BSA or anti-money laundering, depending on the facts. The statement complements the Bank Secrecy Act/Anti-Money Laundering Examination Manual, which was similarly designed to foster interagency consistency and transparency regarding the BSA examination process.
The federal bank and thrift agencies on Tuesday requested public comment on proposed interim rules expanding the range of small institutions eligible for an extended 18-month on-site examination cycle. The proposed interim rules allow well-capitalized and well-managed banks and savings associations with up to $500 million in total assets and a composite CAMELS rating of 1 or 2 to qualify for an 18-month (rather than a 12-month) on-site examination cycle. Until recently, only institutions with less than $250 million in total assets could qualify for an extended 18-month on-site examination cycle. The proposed interim rules also revise the provisions governing the on-site examination cycle for the U.S. branches and agencies of foreign banks.
The Financial Crimes Enforcement Network (FinCEN) and the federal banking agencies announced Thursday that the format for the Suspicious Activity Report by Depository Institutions (SAR-DI) has been revised to support a new joint filing initiative, which will reduce the number of duplicate SARs filed for a single suspicious transaction. The revisions are the result of a joint effort by FinCEN and the federal banking agencies.
The OCC, Board, FDIC, OTS, NCUA, FTC, CFTC, and SEC (the Agencies) are proposing amendments to their rules that implement the privacy provisions of the Gramm-Leach-Bliley Act (GLB Act), Title V, Subtitle A. These rules require financial institutions to provide initial and annual privacy notices to their customers. As required under Section 728 of the Financial Services Regulatory Relief Act of 2006 (Regulatory Relief Act or Act), the Agencies are proposing a safe harbor model privacy form that financial institutions may use to provide disclosures under the privacy rules.
Summary: The federal bank and thrift regulatory agencies are seeking comment on the attached proposed guidance describing current agency expectations for banking organizations that would adopt the Advanced Internal Ratings-Based Approach (IRB) for credit risk and the Advanced Measurement Approaches (AMA) for operational risk under the proposed new Basel II capital framework. The proposed guidance also establishes the process for supervisory review and the implementation of the capital adequacy assessment process under Pillar 2 of the Basel II framework. The FDIC will accept comments on the proposed guidance through May 29, 2007.
The federal bank and thrift regulatory agencies on Thursday announced that they will seek public comment on three proposed supervisory guidance documents related to the September 2006 notice of proposed rulemaking (NPR) on new risk-based capital requirements in the United States for large, internationally active banking organizations. The September 2006 NPR detailed the agencies' proposal for implementing the new capital framework issued by the Basel Committee on Banking Supervision in 2004 (Basel II). The proposed U.S. Basel II capital framework would be mandatory for large, internationally active U.S. banking organizations and optional for other institutions. The Basel II NPR includes requirements that banking organizations would need to satisfy to calculate their risk-based capital under the proposed new capital framework. The proposed supervisory guidance provides information to assist bankers, as well as supervisors, in addressing the Basel II qualification requirements.
The Federal Reserve Banks today announced plans to conduct another round of studies to determine the current composition of the nation's retail payments market, including checks, credit and debit cards, and automated clearing house (ACH) transactions. These two studies will build on information gained from similar studies published by the Reserve Banks in 2001 and 2004. "As the nation continues its migration from paper-based to electronic payments, we believe these studies will provide additional insight to help industry participants plan for the future," said Richard Oliver, an executive vice president with the Federal Reserve Bank of Atlanta and the Federal Reserve System's product manager for retail payments.
The Federal Reserve Board on Friday approved changes to its Policy on Payments System Risk that revise the Board's expectations for systemically important payments and settlement systems subject to its authority and update and clarify the policy with regard to central counterparties. Under the revised policy, systemically important payments and settlement systems subject to the Board's authority are expected to complete and disclose publicly self-assessments against the principles and minimum standards in the policy. The self-assessment should be reviewed and approved by the system's senior management and board of directors upon completion and made readily available to the public. In addition, a self-assessment should be updated following material changes to the system or its environment and, at a minimum, reviewed by the system every two years.
The Agencies are adopting an Interagency Statement on Sound Practices Concerning Elevated Risk Complex Structured Finance Activities ("Final Statement"). The Final Statement pertains to national banks, state banks, bank holding companies (other than foreign banks), federal and state savings associations, savings and loan holding companies, U.S. branches and agencies of foreign banks, and SEC-registered broker-dealers and investment advisers (collectively, "financial institutions" or "institutions") engaged in complex structured finance transactions ("CSFTs"). In May 2004, the Agencies issued and requested comment on a proposed interagency statement ("Initial Proposed Statement"). After reviewing the comments received on the Initial Proposed Statement, the Agencies in May 2006 issued and requested comment on a revised proposed interagency statement ("Revised Proposed Statement").
The Federal Reserve Board on Tuesday released a draft interagency notice of proposed rulemaking that would revise the existing risk-based capital framework by giving the vast majority of banks, bank holding companies, and savings associations the option of either continuing to use the existing Basel I-based capital rule or adopting a more risk sensitive rule, known as Basel IA. However, as proposed, Basel IA would not be available to large, complex international banking organizations subject to the proposed Basel II advanced capital framework. "Basel IA is intended as an option for the wide range of institutions that will not be adopting the advanced approaches of Basel II," said Governor Susan S. Bies. "The goal is to improve the Basel I standards by making them somewhat more risk sensitive while at the same time retaining a relatively simple and straightforward approach suitable for all but the largest and most complex institutions."
The Federal Reserve Board announced the appointment of the chairmen and deputy chairmen of the twelve Federal Reserve Banks for 2007. Each Reserve Bank has a nine-member board of directors. The Board of Governors in Washington appoints three of these directors and each year designates one of its appointees as chairman and a second as deputy chairman.
The Agencies are proposing Red Flag Regulations that adopt a flexible risk-based approach similar to the approach used in the "Interagency Guidelines Establishing Information Security Standards" issued by the Federal banking agencies (FDIC, Board, OCC and OTS), the "Guidelines for Safeguarding Member Information" issued by the NCUA, and the "Standards for Safeguarding Customer Information" issued by the FTC, (collectively, Information Security Standards), to implement section 501(b) of the Gramm-Leach-Bliley Act (GLBA), 15 U.S.C. 6801. Under the proposed Red Flag Regulations, financial institutions and creditors must have a written Program that is based upon the risk assessment of the financial institution or creditor and that includes controls to address the identity theft risks identified.
The Fair and Accurate Credit Transactions Act of 2003 (FACTA) added new sections to the federal Fair Credit Reporting Act (FCRA, 15 U.S.C. 1681 et seq.), intended primarily to help consumers fight the growing crime of identity theft. Accuracy, privacy, limits on information sharing, and new consumer rights to disclosure are included in FACTA. (Pub. L. 108-159, 111 Stat. 1952) This is all good news for consumers. However, consumers came out on the losing end when Congress virtually barred states from adopting stronger laws. The Notes section at the end of this guide has more information about Congressional pre-emption of state laws.
The federal bank and thrift regulatory agencies announced today that they will request public comment on a notice of proposed rulemaking (NPR) that would implement new risk-based capital requirements in the United States for large, internationally active banking organizations. The NPR details the agencies' plans for implementing the Basel Committee on Banking Supervision's (BCBS) new capital accord (Basel II) that was issued in 2004. The agencies also will request comment on proposed Basel II supervisory reporting templates. The Federal Reserve Board (Board), the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC) and the Office of Thrift Supervision (OTS) first adopted risk-based capital standards in 1989. Those standards were based on the Basel Capital Accord that the BCBS originally issued in 1988 (Basel I). For banking organizations that meet qualifying criteria, the Basel II NPR would replace U.S. rules implementing Basel I. The proposed framework would be mandatory for large, internationally active banking organizations and optional for others.
Purpose: The staffs of the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision (the Agencies) have jointly developed the attached frequently asked questions (FAQs) to assist financial institutions and their technology service providers in understanding the Federal Financial Institutions Examination Council's (FFIEC's) guidance entitled Authentication in an Internet Banking Environment (the guidance). Overview: The guidance, issued on October 12, 2005, updates the FFIEC's guidance entitled Authentication in an Electronic Banking Environment issued in 2001. It addresses the need for risk based assessments, customer awareness, and enhanced security measures to authenticate customers using Internet-based products and services that process high risk transactions involving access to customer information or the movement of funds to other parties. The attached FAQs are a representation of questions the Agencies have received from financial institutions, Agency examiners, and technology service providers and they address the scope of the guidance, risk assessments, the time frame for implementation, and other issues.
The mandatory dissemination of certain information by financial institutions is a key aspect of consumer protection law. It offers two significant advantages for consumer protection in the financial area over the alternative of direct government intervention into product pricing and content. First, information disclosure is compatible with competition, a significant market force already at work to protect consumers by keeping price rises in check. Because of competition, institutions already have incentives to make their products known, to reveal favorable pricing and product features, and to treat consumers fairly by keeping them generally informed about what they want and need to know. When a financial institution employs these strategies, it generates a good business reputation that will produce referrals and repeat customers. Actions that firms use to accomplish these goals include advertising their prices and supplying clients and potential customers with useful information about product prices and features. The requirements for disclosures assist in the dissemination of financial information by standardizing concepts and terminology, such as the finance charge and annual percentage rate under the Truth in Lending Act and the annual percentage yield under the Truth in Savings Act. Such standardization advances consumers' knowledge about pricing and features of the financial products and institutions and lowers consumers' transactions costs by making shopping easier. The standard format of required disclosures helps highlight the performance of the best institutions and exposes the inadequacies of the poorer ones. Well-informed shoppers help keep markets competitive, which benefits buyers of products and services by minimizing the spread between producers’ production costs and market price.
The Office of Thrift Supervision (OTS), along with the other federal banking agencies, has released the revised Information Security Booklet and an Executive Summary of the Federal Financial Institutions Examination Council's (FFIEC) Information Technology Examination Handbook. The revised Information Security Booklet, which replaces the 2003 version of the booklet, provides updated guidance for examiners, savings associations, and technology service providers to use in identifying information security risks and evaluating the adequacy of controls and risk management practices. The revised guidance addresses changes in technology, risk assessments, mitigation strategies, and regulatory guidance.
The federal financial institution regulatory agencies and the Federal Trade Commission are soliciting comments on a Notice of Proposed Rulemaking (NPRM) concerning identity theft "red flags" and address discrepancies. The NPRM, which has been reviewed and approved by each of the listed agencies, implements sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003. The regulations that the agencies are jointly proposing would require each financial institution and creditor to develop and implement an identity theft prevention program that includes policies and procedures for detecting, preventing, and mitigating identity theft in connection with account openings and existing accounts. The proposed regulations include guidelines listing patterns, practices, and specific forms of activity that should raise a "red flag" signaling a possible risk of identity theft. Under the proposed regulations, an identity theft prevention program established by a financial institution or creditor would have to include policies and procedures for detecting any "red flag" relevant to its operations and implementing a mitigation strategy appropriate for the level of risk.
The Federal Reserve Board on Thursday requested comment on proposed revisions to Part I of its Policy on Payments System Risk (PSR policy), which addresses risk management in payments and settlement systems. The proposed revisions update and revise the policy in several ways. First, the Board is proposing to incorporate into its PSR policy the international risk management standards for central counterparties recently developed by the Committee on Payment and Settlement Systems (CPSS) of the central banks of the Group of Ten countries and the Technical Committee of the International Organization of Securities Commissions (IOSCO). These standards, published by the Bank for International Settlements in a report titled Recommendations for Central Counterparties (Recommendations for CCP), will serve as the Board's minimum standards for central counterparties identified as systemically important and subject to the Board's authority. This proposed change is consistent with past revisions that incorporated into the PSR policy the Core Principles for Systemically Important Payment Systems (Core Principles) and Recommendations for Securities Settlement Systems (Recommendations for SSS), developed by the CPSS and CPSS-IOSCO, respectively.
The Federal Reserve Board announced Wednesday the consolidation of two internal advisory committees on payments system matters. The duties of the Payments System Policy Advisory Committee will be expanded to encompass the responsibilities and activities of the Payments System Development Committee, including its public outreach efforts. The Payments System Development Committee will be discontinued. The Payments System Policy Advisory Committee was formed in July 1986 to advise the Board on a range of issues, including risk-management issues, primarily in wholesale payment and settlement systems, and the relationship between wholesale payment systems and financial markets. The Payments System Development Committee was formed in July 1999 to advise on medium- and long-term public policy issues surrounding innovation in the retail payments system. The expanded Payments System Policy Advisory Committee will provide the Board with a coordinated view of developments in both wholesale and retail payments at a time of significant overall change in the U.S. payments system and help coordinate Federal Reserve work involving domestic and international payments and settlement systems.
Federal regulators today released Evolution of a Prototype Financial Privacy Notice, a report by Kleimann Communication Group summarizing consumer research commissioned by the regulators as part of their ongoing efforts to develop improved financial privacy notices.
The report's release concludes the first phase of an interagency project by the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Federal Trade Commission, the National Credit Union Administration, the Office of the Comptroller of the Currency, and the Securities and Exchange Commission to explore alternatives for financial privacy notices that would be easier for consumers to read, understand, and use than many of the notices consumers currently receive from financial institutions. These six agencies were among those that jointly issued regulations in 2000 implementing the financial privacy provisions of the Gramm-Leach-Bliley Act, but survey data indicate that many consumers neither read nor understand the notices financial institutions provide under those regulations.
An interagency notice of proposed rulemaking (NPR) that would implement Basel II risk-based capital requirements in the United States for large, internationally active banking organizations was made public Thursday by the Federal Reserve Board. The proposed rule would require the largest internationally active banks to enhance the measurement and management of their risks, including credit risk and operational risk. It also would require these banks to have rigorous processes for assessing overall capital adequacy in relation to their total risk profile and to publicly disclose information regarding their risk profile and capital adequacy.
"Given the increasing complexity of the activities at our largest banks, and the related risks of those activities, I fully support efforts to develop a more appropriately risk-sensitive capital framework for those institutions," said Board Chairman Ben S. Bernanke. "The current Basel I framework has become increasingly inadequate for capturing the risks at large, complex U.S. banking organizations."
Rich Spillenkothen, the director of the Division of Banking Supervision and Regulation, will retire on June 30 after thirty years of service with the Federal Reserve Board, including nearly fifteen years as the director of the division. “Rich has led the Board’s supervision program during periods of unparalleled growth, innovation, deregulation, and consolidation in the American banking system, as well as through a number of financial system and banking shocks,” said Federal Reserve Board Chairman Ben S. Bernanke. “During Rich’s tenure, the Federal Reserve’s approach to banking supervision has evolved significantly. His leadership in the supervision of risk management and capital adequacy form a sound basis for the future work of financial supervisors everywhere.”
The Federal Reserve Board on Wednesday announced its approval of a final rule to amend Regulation K to require Edge and Agreement corporations and U.S. branches, agencies, and other offices of foreign banks supervised by the Board to establish and maintain procedures reasonably designed to ensure and monitor compliance with the Bank Secrecy Act and related regulations. The Board will publish its final rule in the Federal Register shortly, and the rule will become effective 30 days after publication. The Bank Secrecy Act generally requires a financial institution doing business in the United States to keep records and make reports that have a high degree of usefulness in criminal, tax, or regulatory proceedings. Domestic financial institutions, such as state member banks subject to the Board's Regulation H, already have been required to establish and maintain programs to ensure and monitor compliance with the Bank Secrecy Act. The Board's final rule amends Regulation K to require Edge and Agreement corporations and U.S. branches, agencies, and other offices of foreign banks to implement and maintain similar compliance programs.
Purpose: The Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, and Office of Thrift Supervision are issuing this interagency advisory to financial institutions and their technology service providers. This advisory is intended to raise awareness regarding the threat of a pandemic influenza outbreak and its potential impact on the delivery of critical financial services. It further advises financial institutions and their service providers to consider this and similar threats in their event response and contingency strategies. This issuance discusses the National Strategy for Pandemic Influenza (National Strategy) and the roles and responsibilities it outlines for financial institutions.
The Federal Reserve and the other financial institutions regulatory agencies published on February 9, 2006, the attached Advisory to address safety and soundness concerns that may arise when financial institutions enter into external audit contracts (typically referred to as "engagement letters") that limit the auditors' liability for audit services. The Advisory informs financial institutions that it is unsafe and unsound to enter into engagement letters for audits of financial statements, audits of internal control over financial reporting, or attestations on management's assessment of internal control over financial reporting which include provisions that (1) indemnify the external auditor against all claims made by third parties, (2) hold harmless or release the external auditor from liability for claims or potential claims that might be asserted by the client financial institution (other than claims for punitive damages), or (3) limit the remedies available to the client financial institution (other than punitive damages).
The Federal Reserve Board on Monday announced the approval of a final rule that expands the definition of a small bank holding company (BHC) under the Board's Small Bank Holding Company Policy Statement and the Board's risk-based and leverage capital guidelines for bank holding companies. The policy statement facilitates the transfer of ownership of small community banks by permitting debt levels at small BHCs that are higher than what would typically be permitted for larger BHCs. Because small BHCs may, consistent with the policy statement, operate at a level of leverage that generally is inconsistent with the capital guidelines, the capital guidelines provide an exemption for small BHCs.
The federal financial regulatory agencies today announced the issuance of a final advisory that addresses safety and soundness concerns that may arise when financial institutions agree to limit their external auditors' liability. The agencies' primary concern is that limiting the liability of external auditors in engagement letters may reduce the reliability of audits. The Interagency Advisory on the Unsafe and Unsound Use of Limitation of Liability Provisions in External Audit Engagement Letters informs financial institutions that they should not enter into external audit engagement letters that incorporate unsafe and unsound limitation of liability provisions with respect to audits of financial statements and internal control over financial reporting.
The federal bank and thrift regulatory agencies today announced that they will be hosting a forum in New Orleans for banks and thrifts on March 2 and 3, 2006. The forum, titled “The Future of Banking on the Gulf Coast: Helping Banks and Thrifts Rebuild Communities,” will focus on the short-term and long-term challenges facing banks and thrifts operating in the areas affected by Hurricanes Katrina and Rita and on ways of helping meet the needs of the local communities. Principals from each of the four federal banking agencies will participate in the forum, which will convene at the New Orleans Marriott, 555 Canal Street, New Orleans, Louisiana, at 8:00 a.m. CST on Thursday, March 2, 2006, and close at noon on Friday, March 3, 2006. The FDIC and NeighborWorks of New Orleans will conduct optional bus tours of devastated areas nearby on the afternoons of Wednesday, March 1, and Friday, March 3.
This Small-Entity Compliance Guide is intended to help financial institutions comply with the Interagency Guidelines Establishing Information Security Standards (Security Guidelines). The guide summarizes the obligations of financial institutions to protect customer information and illustrates how certain provisions of the Security Guidelines apply to specific situations. The appendix lists resources that may be helpful in assessing risks and designing and implementing information security programs.
Although this guide was designed to help financial institutions identify and comply with the requirements of the Security Guidelines, it is not a substitute for the Security Guidelines. Moreover, this guide only addresses obligations of financial institutions under the Security Guidelines and does not address the applicability of any other federal or state laws or regulations that may pertain to policies or practices for protecting customer records and information.
WASHINGTON, D.C. (January 13, 2006) – The federal financial regulatory agencies today announced a public service campaign to aid in the financial recovery of victims of last year's hurricanes. Although four months have passed since Hurricanes Katrina and Rita made landfall, some bank customers have not yet been in contact with their lenders. Communication is an essential step in the road to financial recovery. The Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of Thrift Supervision, the National Credit Union Administration and state financial regulators are encouraging banks, thrifts, and credit unions to continue to work with borrowers affected by the hurricanes. Assistance may include waiving fees, lowering interest rates, extending repayment schedules, or deferring principal or interest for an additional period, where appropriate. For these options to be considered, however, it is essential that the borrower contact his or her lender.
The Check Clearing for the 21st Century Act (Check 21) was signed into law on October 28, 2003, and became effective on October 28, 2004. Check 21 is designed to foster innovation in the payments system and to enhance its efficiency by reducing some of the legal impediments to check truncation. The law facilitates check truncation by creating a new negotiable instrument called a substitute check, which permits banks to truncate original checks, to process check information electronically, and to deliver substitute checks to banks that want to continue receiving paper checks. A substitute check is the legal equivalent of the original check and includes all the information contained on the original check. The law does not require banks to accept checks in electronic form nor does it require banks to use the new authority granted by the Act to create substitute checks.
The Agencies are jointly issuing final Guidance that interprets the requirements of section 501(b) of the GLBA, 15 U.S.C. 6801, and the Security Guidelines to include the development and implementation of a response program to address unauthorized access to, or use of, customer information that could result in substantial harm or inconvenience to a customer. The Guidance describes the appropriate elements of a financial institution’s response program, including customer notification procedures. Section 501(b) required the Agencies to establish standards for financial institutions relating to administrative, technical, and physical safeguards to: (1) ensure the security and confidentiality of customer information; (2) protect against any anticipated threats or hazards to the security or integrity of such information; and (3) protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.
On February 1, 2001, the Agencies issued the Security Guidelines as required by section 501(b) (66 FR 8616). Among other things, the Security Guidelines direct financial institutions to: (1) identify reasonably foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of customer information or customer information systems; (2) assess the likelihood and potential damage of these threats, taking into consideration the sensitivity of customer information; and (3) assess the sufficiency of policies, procedures, customer information systems, and other arrangements in place to control risks.
I. INTRODUCTION: Purpose and Scope of the Guide. This Small-Entity Compliance Guide is intended to help financial institutions comply with the Interagency Guidelines Establishing Information Security Standards (Security Guidelines). The guide summarizes the obligations of financial institutions to protect customer information and illustrates how certain provisions of the Security Guidelines apply to specific situations. The appendix lists resources that may be helpful in assessing risks and designing and implementing information security programs. Although this guide was designed to help financial institutions identify and comply with the requirements of the Security Guidelines, it is not a substitute for the Security Guidelines. Moreover, this guide only addresses obligations of financial institutions under the Security Guidelines and does not address the applicability of any other federal or state laws or regulations that may pertain to policies or practices for protecting customer records and information.
The federal banking regulatory agencies today issued proposed rules to implement a special post-employment restriction on certain senior examiners employed by an agency or Federal Reserve Bank, as required by the Intelligence Reform and Terrorism Prevention Act of 2004. Under the proposal, if an examiner serves as the senior examiner for a depository institution or depository institution holding company for two or more months during the examiner's final twelve months of employment with an agency or Reserve Bank, the examiner may not knowingly accept compensation as an employee, officer, director, or consultant from that institution or holding company, or from certain related entities.
Agencies Release Bank Secrecy Act/Anti-Money Laundering Examination Manual. The Federal Financial Institutions Examination Council (FFIEC) today released the Bank Secrecy Act/Anti-Money Laundering Examination Manual (FFIEC BSA/AML Examination Manual). The manual’s release marks an important step forward in the effort to ensure the consistent application of the BSA to all banking organizations including commercial banks, savings associations, and credit unions. The FFIEC BSA/AML Examination Manual was developed by the Board of Governors of the Federal Reserve System (Board), Federal Deposit Insurance Corporation (FDIC), National Credit Union Administration (NCUA), Office of the Comptroller of the Currency (OCC), and Office of Thrift Supervision (OTS) (collectively referred to as the federal banking agencies) in collaboration with the Financial Crimes Enforcement Network (FinCEN), the delegated administrator of the BSA. In addition, through the Conference of State Bank Supervisors, the state banking agencies played a consultative role. The Office of Foreign Assets Control collaborated on the development of core overview and examination procedures addressing compliance with regulations enforced by OFAC.
The OCC, FRB, FDIC, and OTS are issuing the attached final “Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice.” The guidance was published in the Federal Register on March 29, 2005, and became effective upon publication. The guidance interprets the Interagency Guidelines Establishing Information Security Standards (Security Guidelines)[1] and states that each financial institution should implement a response program to address unauthorized access to customer information maintained by the institution or its service providers. The guidance describes the components that a response program should contain, including procedures to notify customers about incidents that involve unauthorized access to sensitive customer information. The guidance provides that, “when a financial institution becomes aware of an incident of unauthorized access to sensitive customer information, the institution should conduct a reasonable investigation to promptly determine the likelihood that the information has been or will be misused. If the institution determines that misuse of its information about a customer has occurred or is reasonably possible, it should notify the affected customer as soon as possible.” However, notice may be delayed if an appropriate law enforcement agency determines that notification will interfere with a criminal investigation and provides the institution with a written request for a delay.
U.S. Implementation of Basel II: Objectives of Basel Accord. Advance a “three-pillar” approach: Pillar 1: minimum capital requirement; Pillar 2: supervisory oversight; Pillar 3: heightened market discipline. Develop a measure of capital that is: more risk sensitive than the current approach; better suited to the complex activities of internationally-active banks; capable of adapting to market and product evolution
assessments of capital adequacy
The Federal Reserve Board on Monday announced amendments to Appendix A of Regulation CC that reflect the restructuring of the Federal Reserve's check processing operations in the Twelfth District. These amendments are part of a series of amendments to Appendix A that will take place through the first quarter of 2006, associated with the previously-announced restructuring of the Reserve Banks' check processing operations. Appendix A provides a routing number guide that helps depository institutions determine the maximum permissible hold periods for most deposited checks. As of October 22, 2005, the Portland branch office of the Federal Reserve Bank of San Francisco no longer will process checks, and banks currently served by that office will be reassigned to the Seattle branch office of the Federal Reserve Bank of San Francisco.
The federal bank, thrift and credit union agencies today announced the publication of a brochure with information to help consumers identify and combat a new type of Internet scam known as “phishing.” The term is a play on the word “fishing,” and that’s exactly what Internet thieves are doing – fishing for confidential financial information, such as account numbers and passwords. With enough information, a con artist can run up bills on another person’s credit card or, in the worst case, even steal that person’s identity. In a common type of phishing scam, individuals receive e-mails that appear to come from their financial institution. The e-mail may look authentic, right down to the use of the institution’s logo and marketing slogans. The e-mails often describe a situation that requires immediate attention and then warn that the account will be terminated unless the e-mail recipients verify their account information immediately by clicking on a provided link.
The federal bank and thrift regulatory agencies today issued final rules to implement a special post-employment restriction on certain senior examiners employed by an agency or Federal Reserve Bank, as required by the Intelligence Reform and Terrorism Prevention Act of 2004. Under the final rules, if an examiner serves as the senior examiner for a depository institution or depository institution holding company for two or more months during the examiner's final twel