BankInfoSecurity.com - Banking Information Security News, Regulations, & Education  


Guidance


 FDIC Approves Implementation of Basel II Capital Rule

The Federal Deposit Insurance Corporation (FDIC) today approved the final rule implementing the Advanced Approaches of the Basel II Capital Accord. The new rules are a significant change in regulatory practice, in that they require some large banks to calculate capital requirements using their own internal, model-driven risk estimates.



 Federal Reserve Board Approves Final Rules to Implement Basel II Risk-Based Capital Framework

The Federal Reserve Board on Friday approved final rules to implement new risk-based capital requirements in the United States for large, internationally active banking organizations. The new advanced capital adequacy framework, known as Basel II, more closely aligns regulatory capital requirements with actual risks and should further strengthen banking organizations’ risk-management practices.



 OTS Encourages Thrifts to Assist Customers Affected by Wildfires

The Office of Thrift Supervision (OTS) today urged thrifts in areas affected by Southern California wildfires to consider all reasonable steps to meet customers’ financial needs.

OTS will work with thrifts to identify ways to assist in the recovery efforts of their customers and communities. To facilitate recovery efforts while maintaining standards of safety and soundness, OTS encourages all thrifts in affected areas



 GAO on Influenza Pandemic: Opportunities Exist to Address Critical Infrastructure Protection Challenges That Require Federal and Private Sector Coordination

This GAO announcement has highlights of GAO-08-36, a report to congressional requesters.

An outbreak of pandemic flu would require close cooperation between the public and private sectors to ensure the protection of our nation’s critical infrastructure, such as drinking water and electricity. Because over 85 percent of the nation’s critical infrastructure is owned and operated by the private sector, it is vital that both sectors effectively coordinate to successfully protect these assets. The Department of Homeland Security (DHS) is responsible for coordinating a national protection strategy and government and private sector councils have been created as a collaborating tool.

GAO was asked to assess how the federal and private sectors are working together at a national level to protect the nation’s critical infrastructure in the event of a pandemic, the challenges they face, and opportunities for addressing these challenges. GAO reviewed 5 of the 17 critical infrastructure sectors. These 5 sectors are energy (electricity), food and agriculture, telecommunications, transportation (highway and motor carrier), and water.



 FIL-95-2007: Office of Foreign Assets Control Specially Designated Nationals and Blocked Persons


Financial Institution Letters

Office of Foreign Assets Control

Specially Designated Nationals and Blocked Persons


FIL-95-2007

October 31, 2007

Summary: The Department of the Treasury's Office of Foreign Assets Control has added new entries to its Specially Designated Nationals and Blocked Persons list.




 Agencies Issue Final Rules on Identity Theft Red Flags

The federal financial institution regulatory agencies and the Federal Trade Commission have sent to the Federal Register for publication final rules on identity theft “red flags” and address discrepancies. The final rules implement sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003.

The final rules require each financial institution and creditor that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement an Identity Theft Prevention Program (Program) for combating identity theft



 FDIC: Guidance to Help Financial Institutions and to Facilitate Recovery in Areas of California Affected by Major Fires

Financial Institution Letter

Supervisory Practices Regarding Depository Institutions and Borrowers Affected by Fire Damage in California




 DRAFT SP 800-39, Managing Risk from Information Systems: An Organizational Perspective


NIST announces the release of the initial public draft of Special Publication 800-39, Managing Risk from Information Systems: An Organizational Perspective.



 NCUA Activates Disaster Assistance in Response to California Wildfires

The National Credit Union Administration (NCUA) has activated its disaster relief policy to assist credit unions and their members affected by the wildfires in California.

President George W. Bush has declared an emergency exists in the state of California and ordered federal aid to supplement state and local response efforts.



 Treasury, Private Sector Release Initial Results of Flu Pandemic Exercise

Nearly All Participants Find Critical Gaps in Plans

The Treasury Department, the Financial Services Sector Coordinating Council for Critical Infrastructure Protection and Homeland Security, and the Securities Industry and Financial Management Association today released the preliminary results of the industry-wide pandemic flu exercise.



 Federal Reserve Board Releases Publications: 5 Consumer Tips to Protect Checking Accounts

Consumers need to keep five tips in mind for managing their checking accounts and safeguarding their funds from unauthorized transfers by criminals, according to a new Federal Reserve Board publication.



 OCC Allows National Bank Offices Affected by Wildfires in Southern California to Close

The Office of the Comptroller of the Currency today issued a proclamation allowing national bank offices affected by the wildfires in southern California to close at their discretion.



 Interfaces for Personal Identity Verification

Interfaces for Personal Identity Verification (4 parts): 1- Card Application Namespace, Data Model & Representation; 2- Card Appl. Card Command Interface; 3- Client Appl. Programming Interface; 4- Transitional Interfaces & Data Model

NIST Special Publication 800-73-2, Interfaces for Personal Identity Verification, is now available for a 30-day public comment period.



 Security Assessment Provider Requirements and Customer Responsibilities: Building a Security Assessment Credentialing Program for Federal Information Systems

DRAFT NIST IR 7328: Security Assessment Provider Requirements and Customer Responsibilities: Building a Security Assessment Credentialing Program for Federal Information Systems

NIST announces the release of draft NIST Interagency Report 7328, Security Assessment Provider Requirements and Customer Responsibilities: Building a Security Assessment Credentialing Program for Federal Information Systems.



 FDIC Advisory Committee on Economic Inclusion to Examine Money Services Businesses' Access to Banking System

The FDIC Advisory Committee on Economic Inclusion (ComE-IN) will convene on October 24 to examine money services businesses (MSBs) and their access to banking services. The committee will hear from experts on the challenges facing the MSB industry as well as from bankers who have successful relationships with MSBs.





 GAO Report on Financial Regulation

What GAO Found

The inherent problems of measuring the costs and benefits of regulation make it difficult to assess the extent to which regulations may be unduly burdensome to U.S. financial services firms, particularly in comparison to firms in other countries.



 National Institute of Standards and Technology Issues Draft Information System Security Reference Model

NIST announces the release of five publications: Draft SP 800-110, Information System Security Reference Model, Special Publication (SP) 800-44 version 2, Guidelines on Securing Public Web Servers, Draft SP 800-55 Revision 1, Performance Measurement Guide for Information Security, Draft SP 800-61 Revision 1, Computer Security Incident Handling Guide, and Draft SP 800-82, Guide to Industrial Control Systems (ICS) Security.



 National Institute of Standards and Technology Issues Draft Guide to Industrial Control Systems (ICS) Security

NIST announces the release of five publications: Draft SP 800-82, Guide to Industrial Control Systems (ICS) Security, Special Publication (SP) 800-44 version 2, Guidelines on Securing Public Web Servers, Draft SP 800-55 Revision 1, Performance Measurement Guide for Information Security, Draft SP 800-61 Revision 1, Computer Security Incident Handling Guide, and Draft SP 800-110, Information System Security Reference Model.



 National Institute of Standards and Technology Issues Draft of Computer Security Incident Handling Guide

NIST announces the release of five publications: Computer Security Incident Handling Guide, Draft SP 800-82, Special Publication (SP) 800-44 version 2, Guidelines on Securing Public Web Servers, Draft SP 800-55 Revision 1, Performance Measurement Guide for Information Security, Draft SP 800-61 Revision 1, Guide to Industrial Control Systems (ICS) Security, and Draft SP 800-110, Information System Security Reference Model.



 National Institute of Standards and Technology Issues Performance Measurement Guide for Information Security Draft

NIST announces the release of five publications: Draft SP 800-55 Revision 1, Performance Measurement Guide for Information Security, Draft SP 800-61 Revision 1, Computer Security Incident Handling Guide, Draft SP 800-82, Guide to Industrial Control Systems (ICS) Security, Draft SP 800-110, Information System Security Reference Model, and Special Publication (SP) 800-44 version 2, Guidelines on Securing Public Web Servers.



 National Institute of Standards and Technology Issues Guidelines on Securing Public Web Servers

NIST announced the release of five publications: Special Publication (SP) 800-44 version 2, Guidelines on Securing Public Web Servers, Draft SP 800-55 Revision 1, Performance Measurement Guide for Information Security, Draft SP 800-61 Revision 1, Computer Security Incident Handling Guide, Draft SP 800-82, Guide to Industrial Control Systems (ICS) Security, and Draft SP 800-110, Information System Security Reference Model.



 Agencies Issue Final Rules On Expanded Examination Cycle for Certain Institutions

The federal bank and thrift agencies issued final rules on Friday expanding the range of small institutions eligible for an extended 18-month on-site examination cycle. The final rules allow well-capitalized and well-managed banks and savings associations with up to $500 million in total assets and a composite CAMELS rating of 1 or 2 to qualify for an 18-month (rather than a 12-month) on-site examination cycle.



 Regulatory Relief: Guidance to Help Financial Institutions and to Facilitate Recovery in Storm- and Flood-Affected Areas of Illinois

Summary: The Federal Deposit Insurance Corporation (FDIC) has announced a series of steps intended to provide regulatory relief to financial institutions and to facilitate recovery in areas of Illinois that suffered major damage from storms and flooding.



 Regulatory Relief: Guidance to Help Financial Institutions and to Facilitate Recovery in Additional Storm- and Flood-Affected Areas of Ohio And Wisconsin

Summary: In an update to FIL-75-2007, the Federal Deposit Insurance Corporation (FDIC) has announced a series of steps intended to provide regulatory relief to financial institutions and to facilitate recovery in additional areas of Ohio and Wisconsin that are suffering from storms and flooding.



 Regulatory Relief: Guidance to Help Financial Institutions and to Facilitate Recovery in Storm- and Flood-affected Areas of Oklahoma

Summary: In an update to FIL-61-2007 and FIL-68-2007, the Federal Deposit Insurance Corporation (FDIC) has announced a series of steps intended to provide regulatory relief to financial institutions and to facilitate recovery in additional areas of Oklahoma that are suffering from storms and flooding.



 Regulatory Relief: Guidance to Help Financial Institutions and to Facilitate Recovery in Storm- and Flood-Affected Areas of Minnesota, Wisconsin and Ohio

Summary: The Federal Deposit Insurance Corporation (FDIC) has announced a series of steps intended to provide regulatory relief to financial institutions and to facilitate recovery in areas of Minnesota, Wisconsin and Ohio that have suffered major damage from storms and flooding.



 Fraudulent Letters Claiming to Be From the Office of the Comptroller of the Currency

Fraudulent letters claiming to be from the Office of the Comptroller of the Currency are being sent to U.S. bank customers in an attempt to elicit funds.

The Office of the Comptroller of the Currency (OCC) has notified the Federal Deposit Insurance Corporation (FDIC) that fraudulent letters are in circulation that concern the release of funds supposedly under the control of the International Monetary Unit (IMU) of the European Commission in Belgium. The letter is being sent to U.S. bank customers and indicates that in accordance with international monetary policy, monies are being held until the recipient can produce the necessary documents, which include a Money Laundering/Drug Free Clearance Certificate and an Anti-Terrorist Clearance and Capital Transfer Certificate. According to the European Commission's recent warning, victims are directed to pay approximately $25,000 (U.S. dollars) to obtain these bogus documents.



 Regulatory Relief: Guidance to Help Financial Institutions and to Facilitate Recovery in Storm- and Flood-affected Areas of Texas and Oklahoma

In an update to FIL-61-2007, dated July 6, 2007, the Federal Deposit Insurance Corporation (FDIC) has announced a series of steps intended to provide regulatory relief to financial institutions and to facilitate recovery in additional areas of Texas and Oklahoma that are suffering from storms and flooding.

Highlights:

* Severe storms, tornadoes and flooding have caused significant damage to areas of Texas and Oklahoma.

* In Texas, 33 counties have now been declared federal disaster areas, with the addition of Guadalupe, Henderson, Nueces, Van Zandt, Walker and Zavala counties on August 7, 2007.



 OCC Encourages National Banks to Test Readiness to Deal with Pandemic Crisis

The Office of the Comptroller of the Currency is encouraging national banks to participate in a U.S. Treasury-sponsored exercise that is intended to test the financial sector’s ability to respond to a pandemic-like crisis, such as an influenza pandemic.

The exercise provides an excellent opportunity for organizations to test their pandemic plans and to identify opportunities for improvement,



 NIST Publication on SSL VPNs Now Available For Public Comment

NIST announces that the following draft Special Publications (SP) are now available for public comment: SP 800-113, Guide to SSL VPNs.



 NIST Publications on Wireless Security and Bluetooth Available for Public Comment

NIST announces that the following draft Special Publications (SP) are now available for public comment: SP 800-48 Revision 1, Wireless Network Security for IEEE 802.11a/b/g and Bluetooth.



 NIST Releases Publication on Cryptographic Algorithms and Key Sizes for Personal Identity Verification

NIST is pleased to announce the release of Special Publication 800-78-1, Cryptographic Algorithms and Key Sizes for Personal Identity Verification. The document has been modified to enhance interoperability, simplify the development of relying party applications, and enhance alignment with the National Security Agency's Suite B Cryptography.



 Fraudulent Correspondence Attributed to Officials of the OCC

This alert is about fraudulent correspondence regarding the release of funds supposedly under the control of the International Monetary Unit (IMU) of the European Commission (EC) in Belgium.

Correspondence, allegedly issued by the Office of the Comptroller of the Currency (OCC) regarding restricted funds purportedly under the control of the European Commission, is in circulation. The item is a hoax.

Attached is a copy of this fraudulent correspondence, which is being sent to United States bank customers in an attempt to elicit funds from them. This letter indicates that, in accordance with international monetary policy, monies are being held until the recipient can produce the necessary documents, which include a Money Laundering/Drug Free Clearance Certificate and an Anti-Terrorist Clearance and Capital Transfer Certificate. According to the European Commission’s recent warning, which can be viewed at EU Warning and is also attached, victims of this fraud are directed to pay approximately $25,000 USD to obtain these bogus documents.



 Public and Private Entities Face Challenges in Addressing Cyber Threats

Computer interconnectivity has produced enormous benefits but has also enabled criminal activity that exploits this interconnectivity for financial gain and other malicious purposes, such as Internet fraud, child exploitation, identity theft, and terrorism. Efforts to address cybercrime include activities associated with protecting networks and information, detecting criminal activity, investigating crime, and prosecuting criminals.



 FDIC Chairman Bair Welcomes the Basel II Agreement Among U.S. Banking Regulators

FDIC Chairman Sheila C. Bair today commented on an agreement in principle that has been reached between The Federal Reserve, the Office of the Comptroller of the Currency, the Office of Thrift Supervision and the Federal Deposit Insurance Corporation regarding the implementation of Basel II in the United States. The agreement resolves major outstanding issues and will now lead to finalization of a rule implementing the advanced approaches for computing large banks' risk-based capital requirements.



 Banking Agencies Reach Agreement on BASEL II Implementation

The Federal Reserve, the Office of the Comptroller of the Currency, the Office of Thrift Supervision and the Federal Deposit Insurance Corporation reached an agreement today regarding the implementation of Basel II in the United States. The agreement resolves major outstanding issues and will now lead to finalization of a rule implementing the advanced approaches for computing large banks' risk-based capital requirements.



 Comptroller of the Currency Launches Web Site to Help National Bank Customers

The Office of the Comptroller of the Currency announced the launch of HelpWithMyBank.gov, a new Web site dedicated to providing answers and assistance to national bank customers.

"We created HelpWithMyBank.gov with national bank customers in mind," Comptroller of the Currency John C. Dugan said. "Our goal was to build a site that makes it easier for people to get answers and submit concerns about their bank because we are committed to ensuring fair access to financial services and equal treatment for national bank customers."

HelpWithMyBank.gov provides answers to common questions based on thousands of calls made to the OCC Customer Assistance Group each year. While targeted to national bank customers, the site answers many questions common to all banking consumers and provides useful information about contacting regulators of institutions other than national banks.



 Critical Infrastructure Protection: Sector Plans and Sector Councils Continue to Evolve

DHS has issued a national plan aimed at providing a consistent approach to critical infrastructure protection, ensured that all 17 sectors have organized to collaborate on protection efforts, and worked with government and private sector partners to complete all 17 sector-specific plans. Nevertheless, our work has shown that sectors vary in terms of how complete and comprehensive their plans are. Furthermore, DHS recognizes that the sectors, their councils, and their plans must continue to evolve. As they do, and as the plans are updated and annual implementation reports are provided that begin to show the level of protection achieved, it will be important that the plans and reports add value, both to the sectors themselves and to the government as a whole. This is critical because DHS is dependent on these plans and reports to meet its mandate to evaluate whether gaps exist in the protection of the nation’s most critical infrastructure and key resources and, if gaps exist, to work with the sectors to address them.



 Guidance to Help Financial Institutions and to Facilitate Recovery in Storm- and Flood-affected Areas of Oklahoma and Texas

The Federal Deposit Insurance Corporation (FDIC) has announced a series of steps intended to provide regulatory relief to financial institutions and to facilitate recovery in areas of Oklahoma and Texas that suffered major damage from storms and flooding that started in May and continued through June



 Guidance to Help Financial Institutions and to Facilitate Recovery in Storm- and Flood-affected Areas of Nebraska, Missouri and Kansas

The Federal Deposit Insurance Corporation (FDIC) has announced a series of steps intended to provide regulatory relief to financial institutions and to facilitate recovery in areas of Nebraska, Missouri and Kansas that suffered major damage from storms and flooding that started in May and have continued into early July



 GAO: Data Breaches Frequent, but Evidence of Resulting Identity Theft Limited; Full Extent Unknown

The following GAO report highlights GAO-07-737, a report to congressional requesters. In recent years, many entities in the private, public, and government sectors have reported the loss or theft of sensitive personal information.



 Fraudulent Correspondence Claiming to Be From the FDIC

Fraudulent correspondence bearing the FDIC's name continues to be mailed, faxed and e-mailed. This correspondence is being used in illegal schemes to collect sensitive personal information, such as bank account numbers, and to steal money and other assets.



 Fraudulent Correspondence Purportedly from the FDIC

The Office of the Comptroller of the Currency reports fraudulent letters that appear to be faxed by the Federal Deposit Insurance Corporation are circulating to financial institutions worldwide.



 GAO Management Report: Opportunities for Improvements in FDIC's Internal Controls and Accounting Procedures

In February 2007, the GAO issued its opinions on the calendar year 2006 financial statements of the Deposit Insurance Fund (DIF) and the FSLIC Resolution Fund (FRF). It also issued its opinion on the effectiveness of the Federal Deposit Insurance Corporation’s (FDIC) internal control over financial reporting (including safeguarding assets) and compliance as of December 31, 2006, and its



 Submitting Examination Data: Institutions Now Able to Securely Exchange Electronic Examination Information with State Regulators using FDICconnect

Starting July 9, 2007, the FDIC will provide participating state bank regulators access to the FDICconnect Examination File Exchange system.



 FDIC Chairman Sheila C. Bair on the BSA’s Effectiveness and Efficiency

FDIC Chairman Sheila C. Bair today issued the following statement about Treasury Secretary Henry Paulson’s Remarks on Protecting the Financial System and Effective Implementation of the Bank Secrecy Act at the offices of the Financial Crimes Enforcement Network (FinCEN)



 NIST announces the release of Draft FIPS of Secure Hash Standard (SHS)

The National Institute of Standards and Technology (NIST) announces the release of Draft Federal Information Processing Standard (FIPS) 180-3 Publication, Secure Hash Standard (SHS)



 NIST announces release of Draft FIPS: The Keyed-Hash Message Authentication Code

The National Institute of Standards and Technology (NIST) announces the release of Draft Federal Information Processing Standard (FIPS) 198-1 Publication, The Keyed-Hash Message Authentication Code (HMAC).



 New Enhanced SAR Activity Review Issued--FinCEN Shares BSA Data Profiles with 43 States

The Financial Crimes Enforcement Network issued today the latest edition of the SAR Activity Review – By The Numbers that introduces a number of visual enhancements aimed at providing financial institutions with more information on the geographical dispersion of the Suspicious Activity Report filings.



 FDIC's Summer 2007 issue of Supervisory Insights

Topics addressed in this issue include:

A discussion of the risks associated with third-party relationships and the effect failure to manage those risks can have on a financial institution

An overview of factors that have led to an increase in mortgage fraud, highlights of actual mortgage fraud cases in FDIC-insured institutions and mitigation steps t



 FDIC's Supervisory Insights Reports How Banks Can Mitigate Risks Associated With Third-party Arrangements

How banks can manage risks associated with third-party arrangements for products and services is reported in the FDIC's summer 2007 issue of Supervisory Insights, released today. Other topics covered are the need for vigilance toward mortgage fraud, challenges in maintaining wind insurance, the electronic exchange of documentation in bank examinations, and recent decisions affecting the accounting for split-dollar life insurance.



 OCC Hosts Community Bank Directors Workshops in Alexandria, MN

The Office of the Comptroller of the Currency will host workshops for national community bank directors at the Arrowwood Conference Center, Alexandria, Minnesota, July 10-12.

The workshops provide practical information that expands bank directors' skills and understanding of issues facing their banks.



 OCC's Dugan Calls for Better Credit Card Disclosures

Comptroller of the Currency John C. Dugan testified before Congress that current credit card disclosure rules should be changed to improve consumers’ ability to make well-informed decisions about the credit cards they choose.



 FDIC Chairman Bair - on Improving Credit Card Consumer Protection

Statement Of Sheila C. Bair, Chairman, Federal Deposit Insurance Corporation on Improving Credit Card Consumer Protection: Recent Industry And Regulatory Initiatives before the Subcommittee On Financial Institutions and Consumer Credit of the Financial Services Committee,



 GAO: Agencies Report Progress, but Sensitive Data Remain at Risk

Federal agencies have recently reported a spate of security incidents that put sensitive data at risk. Personally identifiable information about millions of Americans has been lost, stolen, or improperly disclosed, thereby exposing those individuals to loss of privacy, identity theft, and financial crimes.



 Fraudulent Correspondence Attributed to OCC

Fraudulent correspondence regarding the release of funds supposedly under the control of Office of the Comptroller of the Currency (OCC) officials.



 Fraudulent Facsimile Letters Claiming to Be From the FDIC

Fraudulent letters that claim to be from the FDIC are being faxed to financial institutions. The letters request that the financial institution provide a copy of its certification of foreign correspondent accounts.



 Comptroller of the Currency Establishes Enterprise Governance Unit

Comptroller of the Currency John C. Dugan recently established the Enterprise Governance unit to support the Office of the Comptroller of the Currency’s strategic planning, risk management, quality management, assurance testing, and business process improvement efforts.



 Notification of Revised Suspicious Activity Report by Depository Institutions (SAR-DI)

On December 21, 2006, the Financial Crimes Enforcement Network (FinCEN) and the federal banking agencies announced that the format for the Suspicious Activity Report by Depository Institutions (SAR-DI) was revised. The revisions are the result of their continuing efforts to reduce paperwork and respondent burden. The form was revised and reformatted to standardize suspicious activity reports, enhance the clarity of instructions, allow for joint filing of Suspicious Activity Reports, and to improve the usefulness of the Suspicious Activity Report to law enforcement.



 Guidance on Disclosure and Marketing Issues

This bulletin is intended to provide guidance to national banks on a number of disclosure and marketing issues presented by gift cards, so that national banks that issue gift cards do so in a manner in which both purchasers and recipients of gift cards are fully informed of the terms and conditions of the product.

A gift card is a type of prepaid or stored value card that is designed to be purchased by one consumer (purchaser) and presented as a gift to a second consumer (recipient). The terms and conditions of different gift card products can vary significantly, but gift cards are generally divided into two main categories: retail gift cards and bank-issued gift cards.



 FDIC Office of Inspector General Reports Available on the Web

The following items were recently posted to the Federal Deposit Insurance Corporation’s (FDIC) Office of Inspector General (OIG) Web site: http://www.fdicig.gov/ under Publications. In cases where an OIG report includes sensitive or confidential information, the OIG may redact certain information in the report, and the report will be marked as such. In some instances because of the highly sensitive nature of the entire report, the OIG may not make the report publicly available and instead, a brief summary of the report is posted to the Web site.



 FDIC Regulatory Relief Guidance to Help Financial Institutions and to Facilitate Recovery in Storm- and Flood-Affected Areas of South Dakota

The Federal Deposit Insurance Corporation (FDIC) has announced a series of steps intended to provide regulatory relief to financial institutions and to facilitate recovery in areas of South Dakota that suffered major damage from storms and flooding, which started on May 4, 2007.



 OCC Announces Workshops for National Community Bank Directors

Banker Education Announcement

This is a reminder about the Office of the Comptroller of the Currency’s workshops for national community bank directors. Our next workshop on credit risk will be held in Cape May, New Jersey at the historic Congress Hall Hotel. Set amidst a sweeping lawn overlooking the Atlantic Ocean, this hotel is a classic in America’s oldest seashore resort town.

Workshops cost $65 each. Attendees receive a pre-course reading package, course materials, an OCC telephone seminar CD, other appropriate superviso



 FDIC Letter on Bank Secrecy Act 2007 National Money Laundering Strategy

The U.S. Departments of Treasury, Justice, and Homeland Security have jointly released the 2007 National Money Laundering Strategy, which responds directly to the first U.S. Money Laundering Threat Assessment, released in December 2005.



 GAO: Federal Deposit Insurance Corporation Needs to Sustain Progress Improving Its Program

Highlights of GAO-07-351, a report to the Chief Financial Officer and Chief Operating Officer, Federal Deposit Insurance Corporation

The Federal Deposit Insurance Corporation (FDIC) has a demanding responsibility enforcing banking laws, regulating financial institutions, and protecting depositors. As part of its audit of the calendar year 2006 financial statements, GAO assessed (1) the progress FDIC has made in correcting or mitigating information security weaknesses previously reported and (2) the effectiveness of FDIC’s system integrity controls to protect the confidentiality and availability of its financial information and information systems.

To do this, GAO examined pertinent security policies, procedures, and relevant reports. In addition, GAO conducted tests and observations of controls



 FinCEN Updates SAR Activity Review: Trends, Tips and Issues Update

FinCEN has issued a SAR Activity Review report for financial institutions to use. Click to read the SAR Activity Review: Trends, Tips and Issues Update.



 FinCEN Advisory Regarding Nigeria Transactions

United States Department of the Treasury Financial Crimes Enforcement Network

FinCEN Advisory Subject: Transactions Involving Nigeria. This Advisory is being issued to inform banks and other financial institutions operating in the United States that Financial Crimes Enforcement Network (FinCEN) Advisory Issue 32, regarding the Federal Republic of Nigeria, is hereby withdrawn. Since the issuance of Advisory 32, and as reflected in its June 23, 2006 decision, the Financial Action Task Force on Money Laundering has removed Nigeria from its list of countries that are non-cooperative in the fight against money laundering, recognizing the progress Nigeria has made in implementing anti-money laundering reforms. Nigeria has enacted significant reforms to its counter-money laundering system, addressing the deficiencies listed in Advisory 32, and has taken concrete steps to bring these reforms into effect. Because of the enactment of new laws and the beginning of effective implementation, the enhanced scrutiny called for in Advisory 32 with respect to transactions invol



 Guidance to Help Financial Institutions and to Facilitate Recovery in Kiowa County, Kansas

The Federal Deposit Insurance Corporation (FDIC) has announced a series of steps intended to provide regulatory relief to financial institutions and to facilitate recovery in Kiowa County, Kansas, which suffered major damage from tornadoes on May 4, 2007.



 2007 National Money Laundering Strategy Released

The U.S. Departments of Treasury, Justice, and Homeland Security joined together in issuing the 2007 National Money Laundering Strategy, a report detailing continued efforts to dismantle money laundering and terrorist financing networks and bring these criminals to justice.

"The 2007 National Money Laundering Strategy is a direct result of close cooperation by the Departments of Justice, Treasury and Homeland Security, along with our foreign counterparts, and signifies our collective commitment to fight money laundering," said Assistant Attorney General Alice S. Fisher of the Justice Department's Criminal Division. "Implementation of this strategy will greatly assist in efforts to seize and forfeit millions in illegal proceeds that flow through the international financial system."



 GAO Report on Financial Market Preparedness: Significant Progress Has Been Made, but Pandemic Planning and Other Challenges Remain

FINANCIAL MARKET PREPAREDNESS

Significant Progress Has Been Made, but Pandemic Planning and Other Challenges Remain

Highlights of GAO-07-399, a report to congressional requesters

This is GAO’s third report since the September 11 terrorist attacks that assesses progress that market participants and regulators have made to ensure the security and resiliency of our securities markets. This report examined (1) actions taken to improve the markets’ capabilities to prevent and recover from attacks; (2) actions taken to improve disaster response and increase telecommunications resiliency; and (3) financial regulators’ efforts to ensure market resiliency. GAO inspected physical and electronic security measures and business continuity capabilities using regulatory, government, and industry-established criteria and discussed improvement efforts with broker dealers, banks, regulators, telecommunications carriers, and trade associations.

What GAO Recommends

To improve the readiness of the securities markets to withstand potential disease pandemics, securities and banking regulators should consider taking additional actions, including providing formal expectations that market participants’ plans address even severe pandemic outbreaks and setting a date by which such plans should be completed. Banking and securities regulators indicated they believe organizations are adequately addressing this risk, but will consider taking the recommended actions if progress lags. GAO believes that giving greater consideration now would better assure market readiness.



 Fraudulent Letters Claiming to Be From the FDIC

Letters fraudulently claiming to be from the FDIC are requesting that financial institutions deposit official or cashier's checks into customer accounts. The Federal Deposit Insurance Corporation (FDIC) has become aware of letters that appear to be sent from the FDIC to financial institutions in the United States and other countries. The letters instruct the financial institution to deposit an enclosed official or cashier's check into a customer's account. The letters include "DEPOSIT ACCLERATION" directly below the letterhead and display the forged signatures of "Sandra L. Thompson, Director" and "Christopher J. Spoth, Acting Director 2." The letters are fraudulent and were not sent by the FDIC.



 FinCEN Delays Implementation of Revised Suspicious Activity Report (SAR) Forms

The Financial Crimes Enforcement Network (FinCEN) today filed a Federal Register notice announcing the delayed implementation of certain revised Suspicious Activity Report (SAR) forms that were scheduled to become effective on June 30, 2007. The agency is withdrawing this effective date for the revised SAR forms for depository institutions, casinos and card clubs, insurance companies, and the securities and futures industries. FinCEN will establish new effective and mandatory compliance dates for these revised forms in a future notice. The delay does not impact ongoing suspicious activity reporting, which will continue using the current forms.



 Treasury Statement on Release of President Bush's ID Theft Task Force Plan

President Bush's Identity Theft Task Force today released its strategic plan for combating identity theft, the top consumer fraud reported to the Federal Trade Commission. It is an identity theft road map of the planned actions of the 17-agency task force.

Treasury Deputy Assistant Secretary for Critical Infrastructure Protection and Compliance Policy D. Scott Parsons, who led the Department's efforts with the taskforce, released the following statement today.



 FDIC Makes Available on Its Web Site New Government-Wide ID Theft Home Page

The Federal Deposit Insurance Corporation (FDIC), a participant in the government-wide Identity Theft Task Force, will provide a direct link to the new, centralized government Web site on identity theft. The new site, www.idtheft.gov, was launched today. Initially, the site will provide the Task Force's Strategic Plan. The Plan, which represents the input of 17 Federal agencies, including the FDIC, sets out recommendations to prevent identity theft, to assist identity theft victims in recovering from those crimes, and to prosecute and punish identity theft-related criminals. The Plan will be made public today. The taskforce was created on May 10, 2006, by Executive Order to strengthen Federal efforts to protect against identity theft. For more information on the site, you can visit either www.idtheft.gov or www.fdic.gov.



 Regulatory Relief Guidance to Help Financial Institutions and to Facilitate Recovery in Curry County and Quay County, New Mexico

The Federal Deposit Insurance Corporation (FDIC) has announced a series of steps intended to provide regulatory relief to financial institutions and to facilitate recovery in counties most affected by recent severe storms and tornadoes in eastern New Mexico.

Highlights:

- Severe storms and tornadoes that occurred on March 23 and 24 have resulted in significant damage in Curry County and Quay County, New Mexico.

- Curry County and Quay County were declared Federal Disaster Areas on April 2.

- The FDIC is encouraging banks to work constructively with borrowers who are experiencing difficulties beyond their control because of damage caused by the storms.

- Extending repayment terms, restructuring existing loans or easing terms for new loans, if done in a manner consistent with sound banking practices, can contribute to the health of the community and serve the long-term interests of the lending institution.

- The FDIC will also consider regulatory relief from certain filing and publishing requirements for banks in the affected areas.



 Persistent Weaknesses Highlight Need for Further Improvement

Why GAO Did This Study

For many years, GAO has reported that weaknesses in information security are a widespread problem with potentially devastating consequences—such as intrusions by malicious users, compromised networks, and the theft of personally identifiable information. In reports to Congress since 1997, GAO has identified information security as a governmentwide high-risk issue.



 Supreme Court Rules Federal Preemption Standards Apply to National Bank Operating Subsidiaries

In its decision today in the Watters vs. Wachovia Bank case, the Supreme Court held that federal preemption standards applicable to national banks extend to activities conducted through their operating subsidiaries. Specifically, the Court held that a national bank’s mortgage business, whether conducted by the bank itself or through the bank’s operating subsidiary, is subject to the OCC’s supervision and regulation, and not to state licensing, reporting, and visitorial regimes. We are pleased that the Court’s decision supports the ability of national banks to continue to conduct business activities in their operating subsidiaries as they are now doing.



 Privacy of Consumer Financial Information Proposed Model Privacy Form

Summary: The FDIC, the other federal financial institution regulatory agencies, the Securities and Exchange Commission, the Federal Trade Commission, and the Commodity Futures Trading Commission (the agencies) have jointly published the attached Notice of Proposed Rulemaking (NPR) seeking comment on a model privacy form that financial institutions could use to satisfy the privacy notice requirements of the Gramm-Leach-Bliley Act (GLBA). The proposed privacy form would also provide consumers with the opportunity to limit certain information-sharing practices, as permitted by the GLBA and the Fair Credit Reporting Act. Comments on the proposed rule are due by May 29, 2007.



 Supervisory Policy on Identity Theft - FDIC

Identity theft is fraud committed or attempted by using the identifying information of another person without his or her authority. Identifying information may include such things as a Social Security number, account number, date of birth, driver's license number, passport number, biometric data and other unique electronic identification numbers or codes. As more financial transactions are done electronically and remotely, and as more sensitive information is stored in electronic form, the opportunities for identity theft have increased significantly. This policy statement describes the characteristics of identity theft and emphasizes the FDIC's well-defined expectations that institutions under its supervision detect, prevent and mitigate the effects of identity theft in order to protect consumers and help ensure safe and sound operations.



 Comptroller of the Currency Hosts Community Bank Directors Workshop on Compliance Risk in Charlottesville, Virginia

The Office of the Comptroller of the Currency will host a compliance risk workshop for national community bank directors at the Omni Charlottesville Hotel, Charlottesville, Virginia, May 2.

The workshop, entitled "Compliance Risk: What Directors Need to Know," provides practical information that expands bank directors' skills and understanding of issues facing their banks.



 Agencies Seek Comment on Expanded Examination Cycle for Certain Institutions

The federal bank and thrift agencies on Tuesday requested public comment on proposed interim rules expanding the range of small institutions eligible for an extended 18-month on-site examination cycle. The proposed interim rules allow well-capitalized and well-managed banks and savings associations with up to $500 million in total assets and a composite CAMELS rating of 1 or 2 to qualify for an 18-month (rather than a 12-month) on-site examination cycle.

Until recently, only institutions with less than $250 million in total assets could qualify for an extended 18-month on-site examination cycle. The proposed interim rules also revise the provisions governing the on-site examination cycle for the U.S. branches and agencies of foreign banks.



 Security Considerations for Voice Over IP Systems - NIST Special Publication 800-58

Because of the integration of voice and data in a single network, establishing a secure VOIP and data network is a complex process that requires greater effort than that required for data-only networks. In particular, start with these general guidelines, recognizing that practical considerations, such as cost or legal requirements, may require adjustments for the organization:

1. Develop appropriate network architecture.

• Separate voice and data on logically different networks if feasible. Different subnets with separate RFC 1918 address blocks should be used for voice and data traffic, with separate DHCP servers for each, to ease the incorporation of intrusion detection and VOIP firewall protection



 Regulatory Relief Guidance to Help Financial Institutions and to Facilitate Recovery in Alabama and Georgia

Highlights:

- Severe thunderstorms and tornadoes have resulted in significant damage in Sumter County, Georgia, and Coffee County, Alabama.

- The FDIC is encouraging banks to work constructively with borrowers who are experiencing difficulties beyond their control because of damage caused by the storms.

- Extending repayment terms, restructuring existing loans or easing terms for new loans, if done in a manner consistent with sound banking practices, can contribute to the health of the community and serve the long-term interests of the lending institution.

- The FDIC will also consider regulatory relief from certain filing and publishing requirements.



 DATA MINING - Early Attention to Privacy in Developing a Key DHS Program Could Reduce Risks

The government’s interest in using technology to detect terrorism and other threats has led to increased use of data mining. A technique for extracting useful information from large volumes of data, data mining offers potential benefits but also raises privacy concerns when the data include personal information.

GAO was asked to review the development by the Department of Homeland Security (DHS) of a data mining tool known as ADVISE (Analysis, Dissemination, Visualization, Insight, and Semantic Enhancement). Specifically, GAO was asked to determine (1) the tool’s planned capabilities, uses, and associated benefits and (2) whether potential privacy issues could arise from using it to process personal information and how DHS has addressed any such issues. GAO reviewed program documentation and discussed these issues with DHS officials.



 Suspicious Activity Report (SAR) Revised To Support Joint Filing and Reduce Duplicate SARs

The Financial Crimes Enforcement Network (FinCEN) and the federal banking agencies announced Thursday that the format for the Suspicious Activity Report by Depository Institutions (SAR-DI) has been revised to support a new joint filing initiative, which will reduce the number of duplicate SARs filed for a single suspicious transaction. The revisions are the result of a joint effort by FinCEN and the federal banking agencies.



 Federal Regulators Seek Public Comment on Model Privacy Notice

Eight federal regulators on Wednesday released a notice of proposed rulemaking (NPR) requesting comment on a model privacy form that financial institutions can use for their privacy notices to consumers required by the Gramm-Leach-Bliley Act (GLB Act). The privacy notices must describe an institution's information sharing practices, and, for certain types of sharing, consumers have the right to opt out. The notices must be provided when a consumer first becomes a customer of a financial institution and then annually for as long as the customer relationship lasts.

Last October, President Bush signed into law the Financial Services Regulatory Relief Act of 2006, amending the GLB Act to require the agencies to propose a model form that is succinct and comprehensible to consumers, allows consumers easily to compare privacy practices of financial institutions, and uses easily readable type font.



 Kmart Settles With FTC Over Gift Card Sales Practices

Kmart Corporation has agreed to settle Federal Trade Commission charges that it engaged in deceptive practices in advertising and selling its Kmart gift card. As part of the settlement, Kmart will implement a refund program and publicize it on its Web site. This is the agency’s first law enforcement action involving gift cards.

“Consumers have a right to know when gift cards come with strings attached,” FTC Chairman Deborah Platt Majoras said. “If fees or restrictions apply, gift card issuers must fully and clearly disclose them.”



 Information Technology Examination Coverage of Financial Institutions’ Oversight of Technology Service Providers - Report No. 07-005

In the first 10 months of 2006, over half of the 213 information security breaches reported by financial institutions to the FDIC involved technology service providers (TSP). In accordance with federal laws and regulations, financial institutions must safeguard sensitive customer information against unauthorized disclosure when outsourcing various information technology (IT) operations to TSPs.

Interagency guidelines contained in Part 364 of the FDIC Rules and Regulations establish key controls over TSPs, noting that each bank shall (1) exercise due diligence in selecting TSPs, (2) have contractual arrangements with their TSPs that require appropriate measures to safeguard customer information, and (3) provide ongoing monitoring of TSPs to ensure they have satisfied their contractual obligations.



 Fraudulent E-mails Associated with a "419" Scam

The Office of the Comptroller of the Currency (OCC) has been informed by the Committee on Financial Services of the U.S. House of Representatives that fraudulent correspondence, including e-mails, referring to the Committee and making use of the Committee’s letterhead is in circulation. The communications inform potential victims that they are due to receive large sums of money from an inheritance, but that they must first pay a large fee through lawyers to the Financial Services Committee in order to verify that the funds are not tied to terrorist financing. The Financial Services Committee does not require any person to obtain what the con-artists are calling a “Clean Bill of Record” for receiving inheritance money.



 Comptroller of the Currency Announces Community Bank Directors Workshops for 2007

The Office of the Comptroller of the Currency today announced its schedule of workshops for national community bank directors.

This year the OCC has added a workshop for community bank directors entitled "A New Director’s Challenge: Mastering the Basics." This two-day program, scheduled in Washington D.C., April 16-18, is geared primarily to directors with less than three years of experience. The workshop should be particularly valuable to directors of new national banks, many of whom are also new to the industry.



 OTS Gift Card Guidance

Purpose and Scope

This document outlines the Office of Thrift Supervision’s (OTS’s) supervisory expectations for savings associations’ gift card programs. The purpose of this guidance is to ensure adequate account administration, marketing, and consumer disclosure practices for gift card programs; to encourage more uniform practices among the thrift institutions that offer gift card programs; and to promote consumer protection while continuing to encourage product innovation.

Background

A gift card is a payment card with a preloaded value that one consumer typically gives to another as a gift. Like a gift certificate, a consumer may use a gift card to purchase goods or services from one or more merchants.



 Comptroller Dugan Says Regulators and Industry Both Benefit From Inter-connection between Regulation and Risk Management

Comptroller of the Currency John C. Dugan told an audience of bank risk managers today that, because their goals are so closely aligned to those of the regulators, the regulations and guidance issued by the agencies can support them in meeting their firms’ objectives.

For example, he said, regulators can highlight concerns that are important to risk managers, but which others in the bank might prefer to ignore for competitive reasons. An example is the interagency guidance on non-traditional mortgages, which establishes expectations for prudent underwriting, taking into account some of the unique features and risks these products present.



 Regulatory Relief Guidance to Help Financial Institutions and Facilitate Recovery in Areas Affected by Severe Storms in Central Florida

The Federal Deposit Insurance Corporation (FDIC) recognizes the serious impact of the recent severe storms and tornadoes in central Florida on the operations of financial institutions and will provide regulatory assistance to institutions subject to its supervision. These initiatives are being taken to provide regulatory relief and facilitate recovery. The FDIC encourages depository institutions in the affected disaster areas to meet the financial service needs of their communities.



 Fraudulent Emails Claiming to Be From the FDIC or VeriSign

E-mails fraudulently claiming to be from the FDIC or VeriSign, Inc. are attempting to deceive financial institutions into installing unknown software on their computer networks.

The Federal Deposit Insurance Corporation (FDIC) has become aware of e-mails that appear to be sent from the FDIC or VeriSign, Inc. and ask recipients to run a "security guard script" to secure Web sites. Currently, the e-mails are purportedly from "FDIC Legal Information Technology," "FDIC Information Security," or "Verisign Inc." and the subject lines include the phrase "Regular Security Maintenance" or "Regular Hosting Security Maintenance." The e-mails are fraudulent and were not sent by the FDIC or VeriSign, Inc.



 Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i - NIST Special Publication 800-97

A wireless local area network (WLAN) enables access to computing resources for devices that are not physically connected to a network. WLANs typically operate over a fairly limited range, such as an office building or building campus, and usually are implemented as extensions to existing wired local area networks to enhance user mobility. This guide seeks to assist organizations in better understanding the most commonly used family of standards for WLANs—Institute of Electrical and Electronics Engineers (IEEE) 802.11—focusing on the security enhancements introduced in the IEEE 802.11i amendment. In particular, this guide explains the security features and provides specific recommendations to ensure the security of the operating environment.



 Guide to Intrusion Detection and Prevention Systems (IDPS) - NIST Special Publication 800-34

Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices. Intrusion prevention is the process of performing intrusion detection and attempting to stop detected possible incidents. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, attempting to stop them, and reporting them to security administrators. In addition, organizations use IDPSs for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. IDPSs have become a necessary addition to the security infrastructure of nearly every organization.



 Guidelines on Electronic Mail Security - NIST Special Publication 800-45 - Version 2

Electronic mail (email) is perhaps the most popularly used system for exchanging business information over the Internet (or any other computer network). At the most basic level, the email process can be divided into two principal components: (1) mail servers, which are hosts that deliver, forward, and store email; and (2) mail clients, which interface with users and allow users to read, compose, send, and store email. This document addresses the security issues of mail servers and mail clients, including Web-based access to mail.

Mail servers and user workstations running mail clients are frequently targeted by attackers. Because the computing and networking technologies that underlie email are ubiquitous and well-understood by many, attackers are able to develop attack methods to exploit security weaknesses. Mail servers are also targeted because they (and public Web servers) must communicate to some degree with untrusted third parties.



 Daylight Savings Time Change: Risk Management Guidance

PURPOSE

This bulletin reminds national banks and their technology service providers of the upcoming change in the schedule for Daylight Savings Time. National banks may be exposed to a variety of risks if they do not prepare their systems to reflect this change.

BACKGROUND

Daylight Savings Time (DST) in the United States will begin earlier and end later in 2007 than in years past. The Energy Policy Act of 2005, signed into law August 2005, moves the beginning of DST from the first Sunday in April to the second Sunday in March. DST will now end the first Sunday in November instead of the last Sunday in October.



 Human Capital and Risk Assessment Programs Appear Sound, but Evaluations of Their Effectiveness Should Be Improved

Why GAO Did This Study

The Federal Deposit Insurance Reform Conforming Amendments Act of 2005 requires GAO to report on the effectiveness of Federal Deposit Insurance Corporation’s (FDIC) organizational structure and internal controls. GAO reviewed (1) mechanisms the board of directors uses to oversee the agency, (2) FDIC’s human capital strategies and how its training initiatives are evaluated, and (3) FDIC’s process for monitoring and assessing risks to the banking industry and the deposit insurance fund, including its oversight and evaluation. To answer these objectives, GAO analyzed FDIC documents, reviewed recommended practices and GAO guidance, conducted interviews with FDIC officials and board members, and conducted site visits to FDIC regional and field offices in three states.

What GAO Recommends

GAO recommends that FDIC (1) develop outcome-based performance measures for key human capital initiatives and make available such performance results to all employees and (2) develop policies and procedures that define how it will systematically and comprehensively evaluate its risk assessment activities.



 Consumer Complaint Guide, Describes how OTS will handle a consumer complaint about an institution it regulates

If you have a complaint against a thrift institution (or savings association), the Office of Thrift Supervision (OTS) may be able to help. The OTS is an office of the Department of the Treasury that regulates and supervises the nation's thrift industry. The OTS's mission is to ensure the safety and soundness of thrift institutions and their compliance with consumer protection laws. The OTS also supports the important role thrift institutions play as home mortgage lenders and providers of other forms of community credit and financial services. Additionally, the OTS oversees the activities and operations of thrift operating subsidiaries and holding companies that own or control thrift institutions.



 FTC Issues Annual List of Top Consumer Complaints

The Federal Trade Commission today issued its annual report, "Consumer Fraud and Identity Theft Complaint Data" on complaints consumers have filed with the agency. For the seventh year in a row, identity theft tops the list, accounting for 36 percent of the 674,354 complaints received between January 1 and December 31, 2006. Other categories near the top of the complaint list include shop-at-home/catalog sales; prizes, sweepstakes and lotteries; Internet services and computer complaints; and Internet auction fraud.



 Hurricane Katrina Reminder of Supervisory Guidance for Financial Institutions Affected by Hurricane Katrina

The federal financial regulatory agencies have jointly issued the attached reminder of Supervisory Guidance for Financial Institutions Affected by Hurricane Katrina (Katrina Guidance Reminder). The Katrina Guidance Reminder reemphasizes that working constructively with borrowers is in the long-term best interest of both the financial institution and the customer.

Highlights:

The Katrina Guidance Reminder recognizes that many communities and families may need an extended period of time to recover from the unprecedented magnitude of the devastation caused by Hurricane Katrina.



 Biometric Data Specification for Personal Identity Verification - NIST SP 800-76-1

The Homeland Security Presidential Directive HSPD-12 called for new standards to be adopted governing the interoperable use of identity credentials to allow physical and logical access to Federal government locations and systems. The Personal Identity Verification (PIV) standard for Federal Employees and Contractors, Federal Information Processing Standard (FIPS 201), was developed to establish standards for identity credentials. This document, Special Publication 800-76 (SP 800-76), is a companion document to FIPS 201. It describes technical acquisition and formatting specifications for the biometric credentials of the PIV system, including the PIV Card itself. It enumerates procedures and formats for fingerprints and facial images by restricting values and practices included generically in published biometric standards. The primary design objective behind these particular specifications is high performance universal interoperability. For the preparation of biometric data suitable for the Federal Bureau of Investigation (FBI) background check, SP 800-76 references FBI documentation, including the ANSI/NIST Fingerprint Standard and the Electronic Fingerprint Transmission Specification. This document does not preclude use of other biometric modalities in conjunction with the PIV card.



 Revised Compliance Examination Handbook Now Available

Summary: The FDIC has revised its Compliance Examination Handbook. The new handbook contains the FDIC's compliance examination policies and procedures in effect as of June 2006. It also includes revised Community Reinvestment Act (CRA) examination procedures and performance evaluations. The handbook will be available in electronic format only and can be accessed on the FDIC's Web site at http://www.fdic.gov/regulations/compliance/handbook/index.html.



 Hurricanes Katrina and Rita Disaster Relief - Prevention Is the Key to Minimizing Fraud, Waste, and Abuse in Recovery Efforts

Hurricanes Katrina and Rita destroyed homes and displaced millions of individuals. While federal and state governments continue to respond to this disaster, GAO has identified significant control weaknesses, specifically in the Federal Emergency Management Agency (FEMA)'s Individuals and Households Program (IHP) and in Department of Homeland Security (DHS)'s purchase card program, resulting in significant fraud, waste, and abuse. In response to the numerous recommendations GAO made, DHS and FEMA have reported on numerous actions taken to address our recommendations.

Lessons learned from GAO's prior work can serve as a framework for an effective fraud prevention system for federal and state governments as they consider spending billions more on disaster recovery. These lessons are particularly important because funding that is lost to fraud, waste, and abuse reduces the amount of money that could be delivered to victims in need.



 OCC Consumer Advisory: Avoiding Cashier's Check Fraud

Many consumers have become victims of scams involving a fraudulent cashier’s check. A cashier's check is a check that is issued by a bank, and sold to its customer or another purchaser, that is a direct obligation of the bank. Cashier's checks are viewed as relatively risk-free instruments and, therefore, are often used as a trusted form of payment to consumers for goods and services.

However, cashier's checks lately have become an attractive vehicle for fraud when used for payments to consumers. Although the amount of a cashier's check quickly becomes "available" for withdrawal by the consumer after the consumer deposits the check, these funds do not belong to the consumer if the check proves to be fraudulent. It may take weeks to discover that a cashier’s check is fraudulent. In the meantime, the consumer may have irrevocably wired the funds to a scam artist or otherwise used the funds - only to find out later, when the fraud is detected - that the consumer owes the bank the full amount of the cashier's check that had been deposited.



 Federal Reserve Banks Announce New Studies to Examine Nation's Retail Payment Market

The Federal Reserve Banks today announced plans to conduct another round of studies to determine the current composition of the nation's retail payments market, including checks, credit and debit cards, and automated clearing house (ACH) transactions. These two studies will build on information gained from similar studies published by the Reserve Banks in 2001 and 2004.

"As the nation continues its migration from paper-based to electronic payments, we believe these studies will provide additional insight to help industry participants plan for the future," said Richard Oliver, an executive vice president with the Federal Reserve Bank of Atlanta and the Federal Reserve System's product manager for retail payments.



 Mortgage Loan Fraud Industry Assessment Based on Suspicious Activity Report Analysis

The Department of the Treasury's Financial Crimes Enforcement Network (FinCEN) has prepared an assessment of mortgage loan fraud, which it based on its analysis of Suspicious Activity Reports (SARs). Financial institutions offering mortgage loan products may find the assessment useful. The assessment, entitled "Mortgage Loan Fraud," is available on FinCEN's Web site at http://www.fincen.gov/mortage_fraud.html.



 Approval of changes to Board's Policy on Payments System Risk

The Federal Reserve Board on Friday approved changes to its Policy on Payments System Risk that revise the Board's expectations for systemically important payments and settlement systems subject to its authority and update and clarify the policy with regard to central counterparties.

Under the revised policy, systemically important payments and settlement systems subject to the Board's authority are expected to complete and disclose publicly self-assessments against the principles and minimum standards in the policy. The self-assessment should be reviewed and approved by the system's senior management and board of directors upon completion and made readily available to the public. In addition, a self-assessment should be updated following material changes to the system or its environment and, at a minimum, reviewed by the system every two years.



 NCUA and FinCEN to Host Joint Seminar on Bank Secrecy Act Compliance Programs

The National Credit Union Administration and the Financial Crimes Enforcement Network today announced that they will jointly host a seminar over the web "BSA: A Year in Review and Setting the Table for 2007." The seminar, known as a webinar, will take place on Tuesday, February 6, 2007 and will be co-hosted by JoAnn Johnson, Chairman of the National Credit Union Administration (NCUA), and Jamal El-Hindi, Associate Director of the Regulatory Policy and Programs Division at the Financial Crimes Enforcement Network (FinCEN).



 Complex Structured Finance Activities Interagency Statement on Sound Practices for Activities With Elevated Risk

Summary: The FDIC, along with the other federal banking agencies and the Securities and Exchange Commission, is issuing the attached final Interagency Statement on Sound Practices Concerning Elevated Risk Complex Structured Finance Activities (Final Statement). The Final Statement describes the types of internal controls and risk-management policies and procedures that the agencies have found to be useful in identifying, managing and addressing the potentially heightened legal or reputational risks that may arise from certain complex structured finance transactions.



 Tips to Safely Conduct Financial Transactions Over the Internet

As use of the Internet continues to expand, more credit unions are using it to offer products and services or otherwise enhance communications with members. The Internet offers the potential for safe, convenient new ways to shop for financial services and conduct credit union business, any day, any time. However, members need to make good on-line choices—decisions that may help avoid costly surprises or scams.



 OCC Warns National Banks on Risks Posed by Scams Involving Fraudulent Bank Cashier's Checks

The Office of the Comptroller of the Currency issued guidance today warning of the risks posed by scams involving fraudulent bank cashier's checks and describing steps national banks should take to protect themselves and their customers.

A cashier's check, which is issued by a bank and sold to a consumer or other purchaser, represents a direct obligation of the bank.

The guidance was issued in response to a growing incidence of scams involving cashier's checks. In most of these cases, individuals receive a cashier's check and are asked to deposit the check into their account, wait until funds become available and then wire some part of the funds from their account to a third party, often in a foreign country.
