What regulations should be considered as we write our Remote Capture policy (Check 21, Reg E, Reg CC, etc.)?
For an account to or from which electronic fund transfers can be made, may the bank send a notice each time with the date, amount, source and account number, and not the other information that would be on the monthly statement, such as opening and closing balance, in place of a periodic statement for each monthly cycle in which an electronic fund transfer has occurred? In particular, on a savings account that is normally sent a quarterly statement when no EFT activity has occurred, will the notice mentioned above suffice for a direct deposit to the account in place of the monthly statement?
We have had several customers express ardent displeasure with multi-factor authentication and the desire to be "opted out." Our system allows for opt-out but an FDIC examiner has told us that opt-out should never be allowed. I understand that it should be extremely limited, but if a very good customer says "turn it off," why should they not have the choice since it is being put in place for their security - provided they are willing to sign some kind of hold harmless agreement. From a Regulatory compliance standpoint we are meeting our obligations by putting multi-factor generally in place, but is the expectation that no customer ever be given a choice?
What is different about Daylight Saving Time this year and how will it affect my bank's systems?
As more and more business customers rely on e-mail, should the bank wire departments accept wire requests (scanned from the bank's wire form) via e-mail?
Our e-newsletter program is brand new to us. If we provide a link to an external site that is not co-branded with our bank, are we required to have a speed bump? If so, what is the bare minimum we need to say? The reason I am asking is that we have a speed bump in place on our web site and it is quite lengthy. In this instance, if I were to add the speed bump, it actually has more content in it than our e-newsletter. I do receive e-newsletters from other banks and they do not have speed bumps. Since this area is new to us, I want to have policies in effect as we go forward.
We are looking to implement email notification of receipt of deposit instead of mailing paper back. I have seen comments on e-statements and E-sign and disclosure requirements but don't think any of that applies to receipts. Can you refer me to the regulation that states we are required to provide a receipt and the corresponding rules?
We feel that our network is very secure against attacks that originate on the Internet. Are there other areas about which we should be concerned?
In the past, we sent mortgage loan closing documents to the title company via the internet. We stopped this practice because we feel that without having a secured e-mail line, and without encrypting the data, we would be in violation of GLB. Same with sending our Good Faith Estimates, or other disclosures. We stopped sending via e-mail to customers because of GLB issues. Are we correct in that it would be a violation of GLB to send non-public financial information electronically over a non-secure line?
Who should be doing the information security risk assessment at our small community bank?