The Office of Thrift Supervision (OTS) today urged thrifts in areas affected by Southern California wildfires to consider all reasonable steps to meet customers’ financial needs. OTS will work with thrifts to identify ways to assist in the recovery efforts of their customers and communities. To facilitate recovery efforts while maintaining standards of safety and soundness, OTS encourages all thrifts in affected areas
The federal financial institution regulatory agencies and the Federal Trade Commission have sent to the Federal Register for publication final rules on identity theft “red flags” and address discrepancies. The final rules implement sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003. The final rules require each financial institution and creditor that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement an Identity Theft Prevention Program (Program) for combating identity theft
The federal financial regulatory agencies issued final rules today that provide consumers with an opportunity to "opt out" before a financial institution uses information provided by an affiliated company to market its products and services to the consumer. The final rules on affiliate marketing implement section 214 of the Fair and Accurate Credit Transactions Act of 2003, which amends the Fair Credit Reporting Act (FCRA).
The federal bank and thrift agencies issued final rules on Friday expanding the range of small institutions eligible for an extended 18-month on-site examination cycle. The final rules allow well-capitalized and well-managed banks and savings associations with up to $500 million in total assets and a composite CAMELS rating of 1 or 2 to qualify for an 18-month (rather than a 12-month) on-site examination cycle.
Office of Thrift Supervision (OTS) Director John Reich cited close cooperation among federal bank regulators as a key ingredient in the successes in safeguarding the nation’s financial system from money laundering and terrorist financing.
During a speech at a conference sponsored by the Federal Financial Institutions Examination Council (FFIEC), Reich highlighted several examples of the collaboration between the OTS and the other federal bank agencies in ensuring compliance with the Bank Secrecy Act and anti-money laundering (BSA/AML) rules.
This interagency statement jointly issued by the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, the Office of Thrift Supervision, and the National Credit Union Administration, sets forth the Agencies' policy on the circumstance in which an Agency
The federal bank and thrift agencies on Tuesday requested public comment on proposed interim rules expanding the range of small institutions eligible for an extended 18-month on-site examination cycle. The proposed interim rules allow well-capitalized and well-managed banks and savings associations with up to $500 million in total assets and a composite CAMELS rating of 1 or 2 to qualify for an 18-month (rather than a 12-month) on-site examination cycle. Until recently, only institutions with less than $250 million in total assets could qualify for an extended 18-month on-site examination cycle. The proposed interim rules also revise the provisions governing the on-site examination cycle for the U.S. branches and agencies of foreign banks.
Eight federal regulators on Wednesday released a notice of proposed rulemaking (NPR) requesting comment on a model privacy form that financial institutions can use for their privacy notices to consumers required by the Gramm-Leach-Bliley Act (GLB Act). The privacy notices must describe an institution's information sharing practices, and, for certain types of sharing, consumers have the right to opt out. The notices must be provided when a consumer first becomes a customer of a financial institution and then annually for as long as the customer relationship lasts. Last October, President Bush signed into law the Financial Services Regulatory Relief Act of 2006, amending the GLB Act to require the agencies to propose a model form that is succinct and comprehensible to consumers, allows consumers easily to compare privacy practices of financial institutions, and uses easily readable type font.
The OCC, Board, FDIC, OTS, NCUA, FTC, CFTC, and SEC (the Agencies) are proposing amendments to their rules that implement the privacy provisions of the Gramm-Leach-Bliley Act (GLB Act), Title V, Subtitle A. These rules require financial institutions to provide initial and annual privacy notices to their customers. As required under Section 728 of the Financial Services Regulatory Relief Act of 2006 (Regulatory Relief Act or Act), the Agencies are proposing a safe harbor model privacy form that financial institutions may use to provide disclosures under the privacy rules.
Purpose and Scope: This document outlines the Office of Thrift Supervision’s (OTS’s) supervisory expectations for savings associations’ gift card programs. The purpose of this guidance is to ensure adequate account administration, marketing, and consumer disclosure practices for gift card programs; to encourage more uniform practices among the thrift institutions that offer gift card programs; and to promote consumer protection while continuing to encourage product innovation. Background: A gift card is a payment card with a preloaded value that one consumer typically gives to another as a gift. Like a gift certificate, a consumer may use a gift card to purchase goods or services from one or more merchants.
If you have a complaint against a thrift institution (or savings association), the Office of Thrift Supervision (OTS) may be able to help. The OTS is an office of the Department of the Treasury that regulates and supervises the nation's thrift industry. The OTS's mission is to ensure the safety and soundness of thrift institutions and their compliance with consumer protection laws. The OTS also supports the important role thrift institutions play as home mortgage lenders and providers of other forms of community credit and financial services. Additionally, the OTS oversees the activities and operations of thrift operating subsidiaries and holding companies that own or control thrift institutions.
On May 10, 2006, the President signed an Executive Order establishing an Identity Theft Task Force, and directing it to develop a coordinated strategic plan to combat identity theft. The Task Force was specifically directed to make recommendations on ways to further improve the effectiveness and efficiency of the federal government's activities in the areas of identity theft awareness, prevention, detection, and prosecution. The Executive Order directed the Task Force to deliver the strategic plan to the President within 180 days. By further Executive Order, issued November 3, 2006, the President amended the original order to require submission of the strategic plan by February 9, 2007, or as soon as practicable thereafter as the Chairman and Co-Chairman shall determine.
On March 29, 2005, the Office of the Comptroller of the Currency (OCC), Board of Governors of the Federal Reserve System (Board), Federal Deposit Insurance Corporation (FDIC), and Office of Thrift Supervision (OTS) (collectively, the Agencies) published the Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice (70 FR 15736) (Guidance). The Guidance interprets the requirements of section 501(b) of the Gramm-Leach-Bliley Act (GLBA), 15 U.S.C. 6801, and the Interagency Guidelines Establishing Information Security Standards (Security Guidelines) to include the development and implementation of a response program to address unauthorized access to or use of customer information that could result in substantial harm or inconvenience to a customer.
The Office of Thrift Supervision (OTS) announced that it expects publication in the Federal Register early next week of an interagency notice of proposed rulemaking (NPR) regarding potential revisions to the existing domestic risk-based capital framework (Basel IA). These changes would apply to U.S. banks, bank holding companies, and savings associations.
The Office of Thrift Supervision (OTS) announced the recent appointment of William H. Henley, Jr. as its Director of IT Risk Management. In this position, Henley is supporting the examination and supervision of savings associations for Information Technology (IT) issues. In particular, he is the principal advisor for development, implementation and maintenance of policies, procedures and guidelines in the IT area, including Technology Risk Management. Henley is also serving as the OTS representative to the FFIEC IT Subcommittee.
The Office of Thrift Supervision (OTS) is issuing updated versions of the Directors' Responsibility Guide and the Directors' Guide to Management Reports to highlight our supervisory expectation for a strong, consistent approach towards sound corporate governance practices, as well as the importance of strong, independent boards of directors.
The updated Director's Guide adds a new section on statutory and regulatory responsibility and clarifies the issue of blurred lines of responsibility between the board and management. We have also added a chart on the applicability of selected Sarbanes-Oxley requirements. The streamlined, restructured Guide to Management Reports consolidates some existing reports and adds additional red flags to monitor internal controls and financial performance.
IIB and ABN AMRO discussed the following issues related to the United States' implementation of the Accord in the Basel II NPR published on September 25, 2006, and the European Union's implementation of the Accord in its Capital Requirements Directive (CRD): Definition of default. Commenters noted that the EU and US definitions of default are significantly different. For example, the US considers a wholesale obligor to be in default if any wholesale exposure has been placed in a non-accrual status consistent with the Call Report or Thrift Financial Report Instructions. By contrast, the EU considers a wholesale obligor to be in default when the bank makes a determination that the borrower is unlikely to pay its credit obligations to the credit institution in full without recourse by the credit institution to actions such as realizing collateral.
The proposed information collection requirement described below has been submitted to the Office of Management and Budget (OMB) for review and approval, as required by the Paperwork Reduction Act of 1995. OTS is soliciting public comments on the proposal. DATES: Submit written comments on or before November 20, 2006.
Good morning, Chairman Shelby, Ranking Member Sarbanes, and Members of the Committee. Thank you for the opportunity to discuss the views of the Office of Thrift Supervision (OTS) on the recently proposed Basel II capital framework and to update you on risk-based capital modernization in the U.S. When I testified before this Committee nearly a year ago, I discussed my views on the development of the Basel II framework as of November 2005. I expressed concern about what we had just learned from the quantitative impact study, QIS-4. In particular, I noted that if we applied the emerging U.S. Basel II standard to the portfolios of some of our largest banks, there could be a potentially significant drop in their capital levels and a wide dispersion of capital requirements between banks. I also stated that even beyond these concerns, we had yet to resolve difficult policy issues in the modernization of our risk-based capital standards.
U.S. Treasury Deputy Assistant Secretary D. Scott Parsons will speak about the financial sector's preparedness for a disaster or attack September 12, 2006 at 9:00 a.m. at the Financial and Banking Information Infrastructure Committee / Financial Services Sector Coordinating Council meeting. He will give remarks at the City University of New York's Graduate School and University Center.
On August 4, 2003, the agencies issued an advance notice of proposed rulemaking (ANPR) (68 FR 45900) that sought public comment on a new risk-based regulatory capital framework based on the Basel Committee on Banking Supervision (BCBS) April 2003 consultative paper entitled "The New Basel Capital Accord" (Proposed New Accord). The Proposed New Accord set forth a "three pillar" framework encompassing risk-based capital requirements for credit risk, market risk, and operational risk (Pillar 1); supervisory review of capital adequacy (Pillar 2); and market discipline through enhanced public disclosures (Pillar 3). The Proposed New Accord incorporated several methodologies for determining a bank's risk-based capital requirements for credit, market, and operational risk.
The agencies have published a joint notice of proposed rulemaking entitled Risk-Based Capital Standards: Advanced Capital Adequacy Framework (the NPR). The NPR describes a new regulatory capital framework for U.S. banks that qualify for and adopt the advanced internal ratings-based (AIRB) approach for credit risk and the advanced measurement approach (AMA) for operational risk (together, the advanced approaches). Included within the NPR are requirements for public disclosure of certain information at the consolidated banking organization level as well as a reference to certain additional regulatory reporting requirements for depository institutions (DIs) and BHCs. The additional regulatory reporting requirements referenced within the NPR, and described more fully herein, comprise the agencies' proposed regulatory reporting requirements.
The federal bank and thrift regulatory agencies announced today that they will request public comment on a notice of proposed rulemaking (NPR) that would implement new risk-based capital requirements in the United States for large, internationally active banking organizations. The NPR details the agencies' plans for implementing the Basel Committee on Banking Supervision's (BCBS) new capital accord (Basel II) that was issued in 2004. The agencies also will request comment on proposed Basel II supervisory reporting templates. The Federal Reserve Board (Board), the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC) and the Office of Thrift Supervision (OTS) first adopted risk-based capital standards in 1989. Those standards were based on the Basel Capital Accord that the BCBS originally issued in 1988 (Basel I). For banking organizations that meet qualifying criteria, the Basel II NPR would replace U.S. rules implementing Basel I. The proposed framework would be mandatory for large, internationally active banking organizations and optional for others.
The Board of Governors of the Federal Reserve System (FRB), Federal Deposit Insurance Corporation (FDIC), National Credit Union Administration (NCUA), Office of the Comptroller of the Currency (OCC), Office of Thrift Supervision (OTS), and the Financial Crimes Enforcement Network (FinCEN) are hosting two nationwide conference calls regarding the release of the revised 2006 FFIEC BSA/AML Examination Manual for the banking industry. The Office of Foreign Assets Control will also participate in these calls. Each one-hour teleconference will provide an overview of significant revisions and updates to the manual and conclude with a question and answer session. These calls are open to all banking organizations.
The following Question and Answer (Q & A) guidance is the first group of responses to questions submitted during the July 31, 2006, OTS BSA/AML "Getting it Right" conference call. If you do not see your specific question covered, please check back at a later date. We expect to have the majority of Q & A's posted by August 31, 2006. The answers provided may encompass suggested best practice guidance and are not intended to be comprehensive, apply to all factual situations, or to replace or supersede the BSA regulations. Whenever possible, we consolidated common questions and provided hyperlinks to various referenced guidance materials or administrative rulings.
The Office of Thrift Supervision (OTS), the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency have issued the attached FAQs to assist you and your technology service providers to conform with the Federal Financial Institutions Examination Council's (FFIEC's) guidance entitled Authentication in an Internet Banking Environment (the guidance) issued on October 12, 2005.
The Office of Thrift Supervision (OTS), along with the other federal banking agencies, has released the revised Information Security Booklet and an Executive Summary of the Federal Financial Institutions Examination Council's (FFIEC) Information Technology Examination Handbook. The revised Information Security Booklet, which replaces the 2003 version of the booklet, provides updated guidance for examiners, savings associations, and technology service providers to use in identifying information security risks and evaluating the adequacy of controls and risk management practices. The revised guidance addresses changes in technology, risk assessments, mitigation strategies, and regulatory guidance.
Conference Call: A live, 90-minute telephone briefing that will provide thrifts with valuable information regarding BSA/AML compliance, including best practices, common violations, and strategies for building an effective BSA/AML compliance program. Hear from top experts at OTS and have an opportunity to ask questions and receive answers. Compliance Officers, Risk Managers, Auditors, Attorneys, and Senior Managers Should Make Plans to Participate. Monday, July 31
Summary: This Regulatory Bulletin transmits Examination Handbook Section 341, Information Technology Risks and Controls. The Office of Thrift Supervision substantially revised and reorganized this section of the Examination Handbook. This handbook section replaces existing guidance found in Thrift Activities Handbook Section 341, Technology Risk Controls. This bulletin rescinds RB 32-21 dated January 7, 2002.
The rapid growth and extensive deployment of information technology (IT) requires a thorough assessment of the risks inherent in such activities. The Examination Handbook section issued today outlines OTS expectations that savings associations fully address the risks and challenges posed by using technology, and establish effective risk management practices commensurate with the association's size and complexity. Use this Handbook section and its examination procedures in conjunction with other Handbook sections that provide guidance for reviewing an association's internal control environment.
Summary: We are issuing this advance notice of proposed rulemaking ("Advance Notice") as part of our ongoing effort to address, in the context of the Bank Secrecy Act, the issue of access to banking services by money services businesses. Both the banking industry and the money services business industry have expressed concerns with regard to the impact of Bank Secrecy Act regulations on the ability of money services businesses to open and maintain accounts and obtain other banking services at banks and other depository institutions. Due to the concerns about the effect of regulatory requirements on the provision of banking services to money services businesses, we, through the Non-bank Financial Institutions and the Examinations subcommittees of the Bank Secrecy Act Advisory Group, held a fact-finding meeting on March 8, 2005, to hear directly from banks, other depository institutions, and money services businesses concerning the challenges that they face on this issue.
The Office of Thrift Supervision (OTS) is encouraging savings institutions to take advantage of a new Treasury Department program to educate their customers on identity theft prevention and remedies. The program, available to institutions on a DVD, entitled Identity Theft: Outsmarting the Crooks, informs consumers on protecting themselves against identity theft. The Treasury Department launched the DVD, created by the Department's Critical Infrastructure Protection Office, on January 26th. The DVD educates consumers on what identity theft is, how they can protect themselves, and what they should do if they become victims of identity theft. It covers topics such as: online safety, access to credit reports, taxpayer vulnerabilities to identity theft, and how to deal with debts and debt collectors in connection with identity theft.
The Northeast Region is conducting a second series of one-day Technology Managers Seminars focusing on IT issues of interest to our regulated financial institutions. Feedback from our 2004 Seminars indicated that attendees found it an excellent vehicle providing practical guidance for managing technology risks.
This year's topics will include:
The federal financial institution regulatory agencies and the Federal Trade Commission have jointly issued for comment an Advance Notice of Proposed Rulemaking (ANPR) on section 312 of the Fair and Accurate Credit Transactions Act (FACT Act). Comments are invited for the purpose of developing guidelines and rules to implement section 312. Section 312 requires the agencies to: (1) establish guidelines regarding the accuracy and integrity of information furnished to consumer reporting agencies; and (2) prescribe regulations that require the entities that furnish such information to establish reasonable policies and procedures for implementing the guidelines. Section 312 also requires the agencies to prescribe regulations that identify the circumstances under which an entity that furnishes information to consumer reporting agencies will be required to reinvestigate a dispute concerning the accuracy of information contained in a consumer credit report based on a consumer's direct request.
Purpose: The Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, and Office of Thrift Supervision are issuing this interagency advisory to financial institutions and their technology service providers. This advisory is intended to raise awareness regarding the threat of a pandemic influenza outbreak and its potential impact on the delivery of critical financial services. It further advises financial institutions and their service providers to consider this and similar threats in their event response and contingency strategies. This issuance discusses the National Strategy for Pandemic Influenza (National Strategy) and the roles and responsibilities it outlines for financial institutions.
This document describes the mission, goals, and performance results of the Office of Thrift Supervision. It also provides OTS’s FY 2006 approved budget and strategies. Although OTS receives no appropriated funds from Congress, OTS provided this budget information to the Department of the Treasury for inclusion in the Justification for Appropriations and Performance Plans that Treasury submitted to Congress on February 6, 2006. OTS Strategic Priorities: OTS’s FY 2006 budget totals $215.5 million. The budget directly supports OTS’s strategic and performance goals that provide for proactive supervision of the industry, reduced regulatory burden and improved credit availability. The FY 2006 budget enables OTS to continue tailoring supervisory examinations to the risk profile of the institutions, while effectively allocating resources to oversee and assess the safety and soundness and consumer compliance record of the thrift industry.
U.S. Treasury Secretary John W. Snow today named Robert W. Werner as the new Director of the Financial Crimes Enforcement Network (FinCEN), a bureau of the U.S. Treasury Department. Werner currently serves as the Director of the Treasury's Office of Foreign Assets Control (OFAC). "OFAC and FinCEN are two premier agencies at the heart of an unparalleled campaign to combat terrorist financing and financial crime across the globe. Fortunately, the Treasury will continue to benefit from Bob's talents and vision, as he takes over FinCEN's critical efforts to safeguard the financial sector from illicit activity," said Snow.
"Bob's expertise and steady leadership brought OFAC into the 21st Century by enhancing the Office's administration of economic and trade-based sanctions and highlighting its potential to address a wide range of threats to our national and economic security," Snow continued. "Under Bob's leadership, OFAC has greatly strengthened its relationships with the financial sector and other U.S. Government agencies, as well as with foreign counterparts around the world."
Welcome to the fifth issue of The SAR Activity Review - By the Numbers, a compilation of statistical data gathered from Suspicious Activity Report forms submitted by depository institutions since April 1996, casinos and card clubs since August 1996, certain money services businesses since January 2002, and certain segments of the securities and futures industries since January 2003. By the Numbers serves as a companion piece to the publication of The SAR Activity Review - Trends, Tips & Issues, which provides information about the preparation, use, and utility of Suspicious Activity Reports.
By the Numbers is produced twice a year to cover two filing periods: January 1 to June 30 and July 1 to December 31. The statistical data from the filing periods is available for publication on the FinCEN website after the end of each period, usually in the spring and fall. The last issue of By the Numbers was published in May 2005 and may be accessed through the following link:
This Advisory warns financial institutions about the potential for fraudulent transactions involving hurricane relief monies. To assist law enforcement, we request that financial institutions include key terms in the narrative portions of all Suspicious Activity Reports filed relating to possible hurricane relief fraud schemes. In the wake of the devastating Hurricanes Katrina, Rita, and Wilma that struck during the past year, an unusually large amount of emergency financial assistance has been distributed to storm victims in many parts of the country. The Department of Justice’s Hurricane Katrina Fraud Task Force (“Task Force”), which Attorney General Alberto Gonzales established in September 2005, has been vigorously prosecuting all types of fraud relating to the three hurricanes.
The Financial Crimes Enforcement Network and the federal banking agencies – the Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision – are issuing the attached guidance to notify institutions when a Suspicious Activity Report (SAR) can be shared with a holding company or other controlling company, or with the head office of a U.S. branch or agency of a foreign bank.
WASHINGTON, D.C. (January 13, 2006) – The federal financial regulatory agencies today announced a public service campaign to aid in the financial recovery of victims of last year's hurricanes. Although four months have passed since Hurricanes Katrina and Rita made landfall, some bank customers have not yet been in contact with their lenders. Communication is an essential step in the road to financial recovery. The Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of Thrift Supervision, the National Credit Union Administration and state financial regulators are encouraging banks, thrifts, and credit unions to continue to work with borrowers affected by the hurricanes. Assistance may include waiving fees, lowering interest rates, extending repayment schedules, or deferring principal or interest for an additional period, where appropriate. For these options to be considered, however, it is essential that the borrower contact his or her lender.
The Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision jointly requested comment today on a proposed rule establishing standards for safeguarding confidential customer information. The proposed rule would implement section 501(b) of the Gramm-Leach-Bliley Act (GLBA).
The law requires the agencies to establish standards for financial institutions relating to administrative, technical and physical safeguards for customer records and information. These safeguards are intended to ensure the security and confidentiality of customer records and information, protect against any anticipated threats or hazards to the security or integrity of these records and protect against unauthorized access to or use of these records or information that would result in substantial harm or inconvenience to a customer.
The federal bank and thrift regulatory agencies have sent to the Federal Register joint guidelines for safeguarding confidential customer information. The guidelines implement section 501(b) of the Gramm-Leach-Bliley Act (GLBA), and will be effective on July 1, 2001.
The GLBA requires the agencies to establish standards for financial institutions relating to administrative, technical and physical safeguards for customer records and information. These safeguards are to ensure the security and confidentiality of customer records and information, protect against any anticipated threats or hazards to the security or integrity of these records, and protect against unauthorized access to or use of these records or information that would result in substantial harm or inconvenience to a customer.
The Agencies are jointly issuing final Guidance that interprets the requirements of section 501(b) of the GLBA, 15 U.S.C. 6801, and the Security Guidelines to include the development and implementation of a response program to address unauthorized access to, or use of, customer information that could result in substantial harm or inconvenience to a customer. The Guidance describes the appropriate elements of a financial institution’s response program, including customer notification procedures. Section 501(b) required the Agencies to establish standards for financial institutions relating to administrative, technical, and physical safeguards to: (1) ensure the security and confidentiality of customer information; (2) protect against any anticipated threats or hazards to the security or integrity of such information; and (3) protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.
On February 1, 2001, the Agencies issued the Security Guidelines as required by section 501(b) (66 FR 8616). Among other things, the Security Guidelines direct financial institutions to: (1) identify reasonably foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of customer information or customer information systems; (2) assess the likelihood and potential damage of these threats, taking into consideration the sensitivity of customer information; and (3) assess the sufficiency of policies, procedures, customer information systems, and other arrangements in place to control risks.
I. INTRODUCTION. Purpose and Scope of the Guide: This Small-Entity Compliance Guide is intended to help financial institutions comply with the Interagency Guidelines Establishing Information Security Standards (Security Guidelines). The guide summarizes the obligations of financial institutions to protect customer information and illustrates how certain provisions of the Security Guidelines apply to specific situations. The appendix lists resources that may be helpful in assessing risks and designing and implementing information security programs. Although this guide was designed to help financial institutions identify and comply with the requirements of the Security Guidelines, it is not a substitute for the Security Guidelines. Moreover, this guide only addresses obligations of financial institutions under the Security Guidelines and does not address the applicability of any other federal or state laws or regulations that may pertain to policies or practices for protecting customer records and information.
Guidance on Developing an Information System
Introduction
As financial institutions become increasingly dependent on commercial software to support critical business processes, they also increase their exposure to software vulnerabilities. Most financial institutions use multiple commercial software packages. Therefore, it can be challenging to identify, test, and install all of the applicable patches that are necessary to maintain each software package. A patch management program should be part of an institution's overall computer security program. Oversight and accountability should be assigned to an appropriate party; however, the patch management program should include management, information security, and systems operations personnel. Consumer privacy regulations require that periodic risk assessments be provided to the Board of Directors.
Agencies Release Bank Secrecy Act/Anti-Money Laundering Examination Manual
The Federal Financial Institutions Examination Council (FFIEC) today released the Bank Secrecy Act/Anti-Money Laundering Examination Manual (FFIEC BSA/AML Examination Manual). The manual’s release marks an important step forward in the effort to ensure the consistent application of the BSA to all banking organizations including commercial banks, savings associations, and credit unions. The FFIEC BSA/AML Examination Manual was developed by the Board of Governors of the Federal Reserve System (Board), Federal Deposit Insurance Corporation (FDIC), National Credit Union Administration (NCUA), Office of the Comptroller of the Currency (OCC), and Office of Thrift Supervision (OTS) (collectively referred to as the federal banking agencies) in collaboration with the Financial Crimes Enforcement Network (FinCEN), the delegated administrator of the BSA. In addition, through the Conference of State Bank Supervisors, the state banking agencies played a consultative role. The Office of Foreign Assets Control collaborated on the development of core overview and examination procedures addressing compliance with regulations enforced by OFAC.
The OCC, FRB, FDIC, and OTS are issuing the attached final “Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice.” The guidance was published in the Federal Register on March 29, 2005, and became effective upon publication. The guidance interprets the Interagency Guidelines Establishing Information Security Standards (Security Guidelines) and states that each financial institution should implement a response program to address unauthorized access to customer information maintained by the institution or its service providers. The guidance describes the components that a response program should contain, including procedures to notify customers about incidents that involve unauthorized access to sensitive customer information. The guidance provides that, “when a financial institution becomes aware of an incident of unauthorized access to sensitive customer information, the institution should conduct a reasonable investigation to promptly determine the likelihood that the information has been or will be misused. If the institution determines that misuse of its information about a customer has occurred or is reasonably possible, it should notify the affected customer as soon as possible.” However, notice may be delayed if an appropriate law enforcement agency determines that notification will interfere with a criminal investigation and provides the institution with a written request for a delay.
In 2001, NCUA amended 12 CFR Part 748 to fulfill a requirement in Section 501 of the Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA), in which Congress directed both NCUA and the other Federal Financial Institutions Examination Council (FFIEC) agencies, including the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision (collectively, the “Banking Agencies”) to establish standards for financial institutions relating to administrative, technical, and physical safeguards to...
This advisory letter highlights issues regarding bank electronic record systems in light of the E-SIGN Act. 15 USC 7001, et seq. The letter provides a basic framework that bank management can use to assess and address key issues posed by electronic record keeping systems.
BACKGROUND
Federal legislation changed the legal framework for electronic records and will likely result in more banks adopting electronic record retention systems. Banks can implement electronic record retention systems in many ways to support different business processes. Some examples of possible electronic record retention systems are loan file imaging, retention of paperless applications and online agreements, and the use of electronic payment systems.
On January 17, 2001, the banking regulatory agencies adopted guidelines implementing Section 501 of the Gramm-Leach-Bliley Act (GLBA). The guidelines require financial institutions to establish a comprehensive and coordinated information security program, appropriate to the size of the bank and the complexity of its operations.
The four Federal banking agencies (the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, and the Office of Thrift Supervision) today announced their revised plans for the U.S. implementation of the "International Convergence of Capital Measurement and Capital Standards: A Revised Framework," otherwise known as Basel II. The agencies previously announced on April 29, 2005 that they were delaying issuance of a notice of proposed rulemaking (NPR), pending additional analysis of the quantitative impact study (QIS4) submissions. The agencies intend to move forward with an NPR for domestic implementation of Basel II, but plan to introduce additional prudential safeguards in the NPR to address concerns identified in the analysis of the results of the QIS4 conducted with the industry. The agencies expect that the U.S. Basel II proposal will be available in the first quarter of 2006.
The federal bank, thrift and credit union agencies today announced the publication of a brochure with information to help consumers identify and combat a new type of Internet scam known as “phishing.” The term is a play on the word “fishing,” and that’s exactly what Internet thieves are doing – fishing for confidential financial information, such as account numbers and passwords. With enough information, a con artist can run up bills on another person’s credit card or, in the worst case, even steal that person’s identity. In a common type of phishing scam, individuals receive e-mails that appear to come from their financial institution. The e-mail may look authentic, right down to the use of the institution’s logo and marketing slogans. The e-mails often describe a situation that requires immediate attention and then warn that the account will be terminated unless the e-mail recipients verify their account information immediately by clicking on a provided link.
The four federal banking agencies--the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, and the Office of Thrift Supervision--today published an interagency advance notice of proposed rulemaking (ANPR) regarding potential revisions to the existing risk-based capital framework. These changes would apply to banks, bank holding companies, and savings associations.
The Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision have jointly issued Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice. The guidance interprets the agencies’ customer information security standards and states that financial institutions should implement a response program to address security breaches involving customer information. The response program should include procedures to notify customers about incidents of unauthorized access to customer information that could result in substantial harm or inconvenience to the customer. The guidance provides that, "when a financial institution becomes aware of an incident of unauthorized access to sensitive customer information, the institution should conduct a reasonable investigation to promptly determine the likelihood that the information has been or will be misused."
I. Introduction
Good morning, Chairman Shelby, Ranking Member Sarbanes, and Members of the Committee. Thank you for the opportunity to discuss the views of the Office of Thrift Supervision on the development of the Basel II capital framework in the United States for our largest U.S. financial institutions and the parallel modernization of Basel I for our institutions. The development of Basel II has been underway, internationally, for a number of years. In the Uni
The federal bank and thrift regulatory agencies today issued final rules to implement a special post-employment restriction on certain senior examiners employed by an agency or Federal Reserve Bank, as required by the Intelligence Reform and Terrorism Prevention Act of 2004. Under the final rules, if an examiner serves as the senior examiner for a depository institution or depository institution holding company for two or more months during the examiner's final twel