Some of the mortgage loan rate sheets that I see advertised, particularly on Web sites do not seem to contain all the required disclosures. Once a triggering term is included, is there some way around providing the terms of repayment (payment schedule) in a rate sheet context when it is made available to the public? It seems that some rate sheets provide sample calculations, which is what I read the regulation to require - yet other rate sheets do not include any reference to the payment amounts. Any guidance or recommendations about how to get out of providing this level of information in a generic rate sheet style ad is appreciated.
Can you direct me to current articles on e-statements (security and disclosure)?
With the changing world of banking due to the infusion of information technology, what do you see as the role of the bank's security officer and the challenges ahead?
We are trying to make a checklist of types of disclaimers we should think about using in connection with the Internet. Do you have a list?
We are nervous about the method we are currently using to authenticate our online customers. We require the customer to put in their user name and a four letter password. Do you think this is sufficient?
What are the information security needs of a bank?Which laws/guidelines deal with information security needs of the bank?What are the steps involved in designing a security policy for a bank?
Can you recommend a good source or template for creation of an e-commerce enabled web hosting contract thatprotects a bank against liability with regards to its customers?
In a recent audit by the OTS I was asked to provide a seperate Strategic Plan for the IT area. Do you know where I can get a copy of one to use as a guideline, or an outling or format. I appreciate any help that you can provide.
Are we required to notify our customers of possible computer intrusions? Where can I find regulatory information regarding intrusions or hacks and the notification of customers?
The federal banking regulators have agreed to on final Interagency Guidelines Establishing Standards for Safeguarding Customer Information ("Guidelines"). You previously wrote two articles for us on the proposed guidelines. (See <a href="gurus_technology1211.html">Part 1</a> and <a href="gurus_technology1218.html">Part 2</a>.) Were there any surprises for you in the final version of Interagency Guidelines Establishing Standards for Safeguarding Customer Information? And could you give us a quick heads-up on what the final guidelines provide?