Answer:
There is a requirement for an annual report on information security.
12 CFR 30, Appendix B, "Guidelines Establishing Standards for Safeguarding Customer Information." The program must:
- Be approved and overseen by the Board of directors
- Be adjusted, as appropriate, for changes in the bank’s (or servicer’s) processing environment or systems.
- Include an annual report to the board (or committee) describing the overall status of the program and bank’s compliance with the Guidelines.
First published on BankersOnline.com 12/05/05