We would like information on whether a bank is required to contact regulators and customers when an employee has e-mailed some non-public information of our customers to an employee at another financial institution. The purpose was to get copies of forms, but some information such as loan numbers, loan amounts, and names of customers was on the copies of the documents. Since this information was passed between financial institutions, and all efforts will be taken to inform the other financial institution that this information was passed and must be held confidential or destroyed, does this create the notice requirement for privacy of a breach?
What must be done if a tape containing loan customer information is lost in transit to the credit bureau? The tape is encrypted and contains minimal sensitive information.
What is the CIP record retention period for mortgage loans that we sell and no longer service? Do we maintain the records five years after we sell the loan?
Please provide a comprehensive list of the regulations that have "required training" stated within the regulation. Also, I am looking for a suggested/required training list that would be applicable to ALL bank staff. So far I have sexual harassment, workplace violence, privacy, robbery, CIP, and BSA.
The agencies have published new examination procedures for FCRA and the FACT Act.
To assist institutions in their efforts to design and manage effective information security programs, the agencies have issued guidance especially designed for small entities, which appears to be a
Risk is that four-letter word that is most on our minds right now. In the context of information security, managing risk is a front-burner issue. But what, exactly, is it?
Upon receiving a non-local check, we attempted to call for check verification. The bank we spoke with said that due to the USA PATRIOT Act, they were unable to verify funds, and that we would have to deposit the check and wait for it to clear. I was unaware of this and was wondering where it's stated in the USA PATRIOT Act.
We have been notified by VISA Fraud that 23 of our customers' debit cards may have been compromised. We have notified each affected customer. To date we have not identified any loss. Do we need to: 1) file a SAR, 2) notify law enforcement, or 3) notify the FDIC?
Question: Our credit union is getting a substantial amount of returned mail from membership stating that the member is no longer at the last known mailing address.