We have engaged an external IT security company to provide strong security for us. Do we still need a cyber incident response plan?
We are now scanning all of our deposit and loan documents for our customers. Is there any reason to "block" our lenders from viewing all the documents - such as a drivers license? Currently our lenders are blocked from viewing all deposit documents as well as CIF documents - signature cards, resolutions, trusts, drivers license, etc. Our lenders are required to capture the information from the drivers license when completing the loan application. I can remember back when we had loan files that we weren't allowed to keep a copy of the DL in the file. But now that they are scanned, do they need to be "blocked" from certain employees for viewing?
We need to communicate a change to our Business Mobile Banking customers. Is it permissible to send these customers (approx. 450 relationships) a text message to their cell phones with a link to the product change description without getting their express consent?
Do all banks need a social media department with written policy and procedures?
What do the initials EDP stand for?