Our IT department has recently installed a new firewall and our BSA department no longer has open access to perform BSA due diligence searches. They have assigned us more open access that the rest of the institution, but we are constantly getting blocked and the IT manager won't open it up as he says it puts the rest of the network at risk. We do appreciate that, so I was wondering what other banks are doing to protect their network while still giving their BSA folks unlimited internet search access.

If you need a tool, FinCEN 2014 - A007 has a section dealing with the availability of information. As this new restriction appears to be a step backward, it may draw some regulatory attention based on how critical it is to your research.

Can the IT department put role based access into place for the database? We have non-edit or business partner rights into any database we use for research that is not owned by our department

"We have non-edit or business partner rights into any database we use for research that is not owned by our department"

What does that mean?

They are limiting your access to what sites that you use for due diligence??

Last I checked, IT was a service department.

1. You are responsible for determining what you need to do your job.

2. They are responsible for determining how to safely provide you with that access.

3. Them saying "no" is not part of their job description.

I think they're willing but unable to adequately accomplish point #2 on RLCAREY's response. Many times our searches will take us to sites with objectionable material etc. and that is just the nature of what we do. However, they don't know how to give us open access while at the same time insulate the rest of the network from something from one of those sites. I can't imagine this is something new as every bank I've spoken to has their BSA people with unlimited access.

I'm really confused as to what kind of sites a BSA search would even require you to look at. Are these customers' websites?

Could they give you a laptop with internet access that is not tied to your network?

There are many ways to skin a cat, as "bonette" just pointed out. The fact that they are just saying no shows a lack of imagination.

A Chromebook connected to wi-fi is an inexpensive way to do that. You can open a g-mail account to email yourself PDF screen shots of what you find.

I suggested that but it gets a little cumbersome to have a different machine and also we would have to give everyone in the department 2 machines. I'm really reaching out in this forum to see what others are doing in their bank. Are your BSA people given full access? If so, how does the IT department ensure that safety of the network?

In answer to Jaenelle's comment - We review client's websites during our due diligence and some of our clients are in certain industries that might be considered objectionable. That website would be blocked and we would have to stop and request access, wait for the site to whitelisted and then we can proceed. Its very time consuming.

TBH this doesn't sound that different than what is considered normal when IT puts a web filtering software on.

Normally you end up with a breakdown like this;

*Exec--full access (even though they shouldn't because they are the most likely for a phishing and other attacks)

*Officer/Compliance/BSA--essentially open access but sites such as shopping, Youtube and others questionable sites are blocked

*CSR--Only sites that they need to do their job (Sec. of State searches, check ordering etc.)

*Tellers--Nothing.

I'm assuming you are reviewing a customer's website in order to determine if they are offering any *extra* services they didn't tell you about but personally I find that step to be slightly above and beyond in performing it for all customers.

The one item method no one else has mentioned is to simply use your own personal cell phone/tablet.

Had a similar issue at my bank. When they would not open entirely, I was forced to send a ticket to the IT Help Desk explaining why I needed access to a specific site and typically the site's url would then be added to a Domain Safe List. After having done that many times, they decided to give me an off-network laptop to perform our searches.

Really - everyone? I think someone else might not be using their imagination. Maybe you need to reassess who uses the internet for BSA research and why.

Perhaps you could suggest inviting the vendor in to show IT how to configure the web filter and give BSA their own access profile?

Groups like thisisme08 describes above are pretty common and what I've experienced. Hopefully your BSA Officer should be at the highest level, with virtually no restrictions, your BSA staff could be staggared with access (depending on how many you have and the different levels of staff).

I'm not a big fan of blocking sites "just because", or blocking Facebook or YouTube so staff won't waste time looking at it. Sites should be blocked based upon risk to the bank, and I can make an argument that all staff should/need to have at least some access to the internet, tellers included, they're not robots, they're people. You do need a strong Information Security training program for everyone. Like Randy said, there is there more than one way to skin a cat and not just with Internet access restrictions, as you can get around many of these restrictions with emails, personal devices and such, so IT needs to think hard about the types of restrictions they put in place and the protections the bank has. A teller can just as easily email themselves from their personal email a virus/malware embedded document as they can click on a link.

They key is training, including heavy social engineering training. Cher - I think your IT department needs a little training themselves.

My my 2 cents.