We are thinking of putting a notice on our website about the Phishing scams. Do I need to be concerned with any regulatory issues (from a compliance standpoint)? It's more of an FYI to the customer but there's a lot of information that they are putting on our site.

Thanks, Happy 4th everyone.

We put two notices on our site - both are in the footer so they appear on each page. Notice 1 talks about phishing, notice 2 reminds them that our e-mail links are not secure and should not be used for sensitive information. We ran both by our auditors and they said we could phrase it however we wanted to (wish I had that on tape . . . an auditor saying, "whatever, it's OK.")

I'm not aware of any compliance requirements that would impact a financial institution surrounding phishing incidents or customer notification. This is an area that is continuing to evolve and doesn't impact most banks. While phishing has been around for a long time, it only really began to take off within the past 12 months.

Citibank has some execellent information on its web site. (Just click on the "Consumer Alert!" link.) We are going to be adding information soon, but obviously not as extensive as Citibank.

Visit the Anti-Phishing Working Group website for some great information and resources.

This is strictly to inform your customers and help them, and you, prevent losses. There is no regulatory requirement/prohibition on these.