We are going to a new internet banking vendor. I believe that the Bank's privacy policy is separate from what I call the disclosure of technical information. Is that correct? Who writes the secuirty features disclosure? The bank or the vendor?
How do I know what is to be detailed in such a disclosure?
Does anyone have a sample Internet Banking Agreement for customers?

I don't know what the content of some of these documents you mention is, so it is hard to answer. I may call something by a different name.

For a sample IB agreement, look at the signup page of other banks. That will give you some ideas on what you want in yours. Just be sure it matches what you actually are doing.

The technical requirements and features are given to you by your vendor, but the agreement between you and your customer is just that. So you are responsible for the agreement with the customer. The vendor is responsible to you.

Andy always posts the best advice:
For a sample IB agreement, look at the signup page of other banks. That will give you some ideas on what you want in yours. Just be sure it matches what you actually are doing.

Don't try to re-invent the wheel - go to the disclosure pages of other banks, especially those that are with the same vendor. Try to look at 2-3 examples and you will probably end up with at least one that looks like they used legal assistance to come up with the words.

By the way, there is no security features disclosure. There is no requirement for such a disclosure. Those elements are incorporated within internal policy/procedures with the general public given a brochure that talks about safety, encrption, firewalls, how a PIN is established, etc but only in generate terms.

The security features may mean (I assumed, I know what that does) they meant a browser with 128 bit encryption, etc.

The closest thing to a security features disclosure is the part of your GLB privacy notice required by section .6(a)(8) of the privacy regulations regarding your "policies and practices with respect to protecting the confidentiality and security of nonpublic personal information". You don't need a lot of detail (see sample clause A-7). The reference to "federal standards" in the sample clause is to the Information Security Guidelines.

While there isn't an actual "regulation" that mandates this type of disclosure, we wrote a Tech Alert last year about how the FDIC, in an issue of FDIC Consumer News, advised consumers to "Make sure the bank's Web site describes its security procedures."

See the full Tech Alert article that details what FDIC is telling folks and what you need to think about doing in this regard.