Our organization uses a vendor to service our mortgage loans. The vendor emails trial balance data, (loan numbers, names, balances, etc.) to us. The emails are password protected. Is this sufficient under GLBA or must the emails be encrypted?
While information technology is not usually the responsibility of the compliance manager, there are certain IT functions that the compliance manager should make sure are in place.
According to Exigen Group, a banking technology company, banking professionals have more to stress about than their own personnel cholesterol levels - they also face "corporate cholesterol."The ter
We face new challenges everyday with respect to viruses, ongoing software patches and updates as well new technologies to integrate within our bank. All of these put a strain on our IT resources. How do other banks justify staffing requirements and handle peak demand times?
Commonly cited violations have long been a source of important information for the design and management of compliance programs.
In the past, we sent mortgage loan closing documents to the title company via the internet. We stopped this practice because we feel that without having a secured e-mail line, and without encrypting the data, we would be in violation of GLB. Same with sending our Good Faith Estimates, or other disclosures. We stopped sending via e-mail to customers because of GLB issues. Are we correct in that it would be a violation of GLB to send non-public financial information electronically over a non-secure line?
As it relates to IT examinations, what are the top "hot buttons" for regulators?
Michele Petry, Ph.D., BankersOnline.com
Are there any requirements or criteria for Penetration testing? Can we perform the penetration testing ourselves? If we hire a third party vendor, should we require documentation saying they are authorized by the Regulators to perform the tests or that the testing will meet certain standards? Does the penetration testing requirement only apply to wired network or do we have to have penetration testing on the wireless as well?