Answer:
The Guidelines require a bank to ensure that each of its subsidiaries is subject to a comprehensive information security program. The bank may fulfill this requirement either by including a subsidiary within the scope of the bank's comprehensive information security program or by causing the subsidiary to implement a separate comprehensive information security program. A subsidiary is defined as any company controlled by a bank, except a broker, dealer, person providing insurance, investment company, investment advisor, insured depository institution, or subsidiary of an insured depository institution. Check with your legal counsel to determine if the affiliates in question are "controlled" by the bank or holding company and therefore subject to the Guidelines.
First published on BankersOnline.com 8/6/01
print
share