Richard
We are carrying out this audit for a number of institutions. We have found the most difficult problem to be the links which lead on from links.
We are making sure that all liknks from our clients sites have to be signed through, ie: the user has to actually acknowledge that they know they are moving from our website to that of another unrelated body and that niether our encryption nor our control is guaranteed in the new area.
Due diligence means what any reasonable person might expect so we are checking civil filings at Federal and County level, making sure we know -and have documented who the owners/directors/officers of the third parties are, checking for adverse press coverage and/or proffesional stricture (where appropriate). We have, on accaision, checked companies previously owned by current owners where adverse press coverage for another business has been identified. This is a BIG job and needs resource to get it right. You may want to consider outsourcing all or part of it. We can handle all or if you just want to outsource Due Diligence we have found Commercial Business Systems -we have used them on a number of occaisions - efficient.
The agreements need to cover making sure that customers are not mislead into thinking they are looking at the same site, posting an adequate privacy policy that discloses all the ways in which information gleaned from your customers can or cannot be used.
Precluding the knowledge that, from the link to the new site, this is, or maybe, one of your cusomers, preclude the building of lists identifying this as a customer or probable customer of XBank and the sale of that knowledge.
Total Compliance 805-642-6250 Matthew Read.
Commercial Business Intelligence 888-740-0747 Mike Adams.