Question: Our credit union is getting a substantial amount of returned mail from membership stating that the member is no longer at the last known mailing address.
What are the compliance training topics that should be given to an average new employee within 90 days?
It's official. The agencies have published joint examination procedures for customer identification programs.
Our bank shares nonpublic personal information with an unaffiliated third party with whom we have a joint marketing arrangement for marketing credit card accounts. Under the agreement we are required to provide them in an electronic format the names, addresses, telephone numbers and social security numbers of our existing customers for the purpose of allowing them to solicit our customer for credit card accounts. Are we allowed to disclose telephone numbers and particularly social security numbers without providing our customers the opportunity to opt out? Our initial and annual disclosures do contain the required verbiage that we may disclose all of the information we collect to companies that perform marketing services on our behalf or with whom we have joint marketing agreements?
Commonly cited violations have long been a source of important information for the design and management of compliance programs.
We have separated our Customer Information Security Review into "two" sections - one relating to our information system (computers, software,etc,) and one for security of the customer information (documents, information we give out over the phone, etc). Can anyone recommend an audit program relating to the security of customer information?
Our last Deposit Controls audit cited us for not following a good procedure for address changes. Our system produces a report that shows if anyone has accessed a customer's file. Employees are also required to fill out a form any time they make a change to the customer's file. To your knowledge, are we required to have a customer sign a form to show that any of their info was changed? If so, do they sign for address changes only or should they sign for any type of change (address, phone, employment...maybe date of birth or Social) to their Customer Information file?
Our bank has a "Mortgage Bank" that is housed in a building separate from other bank operations. They do not accept deposits or handle cash. Under the Bank Protection Act, is this building required to have security devices such as cameras, alarms, etc.?