Comptroller of the Currency, Administrator of National Banks Ensuring a Safe and Sound National Banking System for all Americans
Advanced Search | Subject Index | Site Map | Directory | Contact the OCC  
Home
What's New
About the OCC
Banker Education
Careers at the OCC
Community Affairs
Corporate Applications
CRA Information
Consumer Complaints and Assistance
Electronic Banking
Electronic Banking Guidance
Opinions and Letters
Research and Analysis
FOIA
Issuances
Legal and Regulatory
National Bank Appeals
News Releases
Publications
Public Information
Related Sites
Speeches

 
National BankNet


What is BankNet?

OCC Electronic Banking Guidance

OCC issues guidance to ensure national banks and their service providers and software vendors maintain safe and sound banking practices.

Handbooks

Handbooks provide guidance to national banks, service providers, software vendors and bank examiners on procedures for supervising banking activities.

          Published Booklets
  • Audit (August 2003)
  • Business Continuity Planning (March 2008)
  • Development and Acquisition (April 2004)
  • Electronic Banking (August 2003)
  • FedLine (August 2003)
  • Information Security (July 2006)
  • Management (June 2004)
  • Operations (July 2004)
  • Outsourcing Technology Services (June 2004)
  • Retail Payments (March 2004)
  • Supervision of Technology Service Providers (March 2003)
  • Wholesale Payments (July 2004)
  • Bank Supervision Process
  • Large Bank Supervision
  • Community Bank Supervision
  • Comptroller's Licensing Manual, Charters
Current OCC Regulation
The OCC has issued the following regulation regarding electronic banking activities by national banks. The final rule published in May 2002, establishes a new subpart 7 of OCC regulations that addresses the authority of national banks to conduct activities by electronic means and codifies many of the OCC's prior interpretations on electronic banking found on this website.
5/16/2002
OCC Issues Final Rule on Electronic Banking		 Release 2002-44 WORD ASCII
Final Rule on Electronic Banking PDF
OCC Issuances
These issuances provide information to banks and examiners on areas of continuing concern and advise bankers and bank directors about activities and situations that could affect the safe and sound management of their banks.
OCC Bulletins Links
05/08/2008
Information Security: Application Security		 Bulletin 2008-16 HTML
03/19/2008
FFIEC Information Technology Examination Handbook: Business Continuity Planning Booklet		 Bulletin 2008-6

FFIEC press release:

Business Continuity Planning Booklet:		 HTML

HTML

HTML
12/18/2007
Pandemic Planning: Interagency Guidance		 Bulletin 2007-49 HTML PDF
HTML
11/14/2007
Identity Theft Red Flags and Address Discrepancies		 Bulletin 2007-45 HTML PDF
02/16/2007
Daylight Savings Time Change: Risk Management Guidance		 Bulletin 2007-9 HTML
09/01/2006
Automated Clearing House Activities: Risk Management Guidance		 Bulletin 2006-39 PDF ASCII
08/15/2006
Authentication in an Internet Banking Environment: Frequently Asked Questions		 Bulletin 2006-35 WORD ASCII
07/27/2006
Identity Theft Red Flags and Address Discrepancies		 Bulletin 2006-32 WORD ASCII
07/27/2006
FFIEC Information Security Booklet		 Bulletin 2006-31 WORD ASCII
06/15/2006
Disaster Planning: Hurricane Katrina: Lessons Learned		 Bulletin 2006-26

Booklet: 		WORD ASCII

HTML
03/30/2006
Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM)		 Bulletin 2006-14

Examination Procedures:

Worksheet: Examination Procedures: 		WORD ASCII

PDF

PDF
03/15/2006
Influenza Pandemic Preparedness: Interagency Advisory		 Bulletin 2006-12 WORD ASCII
12/14/2005
Small Entity Compliance Guide: Information Security		 Bulletin 2005-44

Guide: 		WORD ASCII

PDF
10/12/2005
Authentication in an Internet Banking Environment		 Bulletin 2005-35 WORD ASCII
7/01/2005
Threats from Fraudulent Bank Web Sites: Risk Mitigation and Response Guidance for Web Site Spoofing Incidents		 Bulletin 2005-24 PDF ASCII
4/14/2005
Response Programs for Unauthorized Access to Customer Information and Customer Notice: Final Guidance		 Bulletin 2005-13 WORD ASCII
1/12/2005
Proper Disposal of Consumer Information: Final Rule 		Bulletin 2005-1  

Final Rule: 		WORD ASCII

PDF
12/20/2004
Automated Clearing House, NACHA Rule Changes		 Bulletin 2004-58 WORD ASCII
10/27/2004
FFIEC Guidance: Risk Management for the Use of Free and Open Source Software		 Bulletin 2004-47 PDF ASCII
Guidance HTML
10/02/2003
FFIEC Information Technology Examination Handbook: E-Banking, Audit, and FedLine Booklets		 Bulletin 2003-41 WORD ASCII
05/21/2003
FFIEC Information Technology Examination Handbook: Business Continuity Planning and Supervision of Technology Service Providers Booklets		 Bulletin 2003-18 WORD ASCII
04/23/2003
Weblinking: Interagency Guidance on Weblinking Activity		 Bulletin 2003-15 WORD ASCII
Interagency Guidance PDF
04/08/2003
Interagency Paper On Sound Practices To Strengthen the Resilience Of The U.S. Financial System		 Bulletin 2003-14 WORD ASCII
Interagency Paper PDF
03/27/2003
Telecommunications Service Priority (TSP) Program: FBIIC Policy on Sponsorship of TSP for Private Sector Entities 		Bulletin 2003-13 WORD ASCII
FBIIC Policy HTML
FRB Sponsorship: Notice PDF
2/05/2003
FFIEC Information Security Booklet: Information Security Guidance		 Bulletin 2003-4 PDF ASCII
07/23/2002
Government Emergency Telecommunications Service		 Bulletin 2002-33 PDF ASCII
05/28/2002
Electronic Banking: Final Rule		 Bulletin 2002-23 PDF ASCII
Electronic Activities: Final Rule PDF
5/15/2002
Bank Use of Foreign-Based Third-Party Service Providers		 Bulletin 2002-16 WORD ASCII
11/1/2001
Third-Party Relationships: Risk Management Principles 		Bulletin 2001-47 WORD ASCII
7/18/2001
Examination Procedures to Evaluate Compliance with the Guidelines to Safeguard Customer Information 		Bulletin 2001-35 WORD ASCII
Examination Procedures PDF
4/27/2001
Uniform Standards for the Electronic Delivery of Disclosures; Regulations M, Z, B, E and DD		 Bulletin 2001-23 WORD ASCII
2/28/2001
Bank-Provided Account Aggregation Services		 Bulletin 2001-12 WORD ASCII
2/15/2001
Guidelines Establishing Standards for Safeguarding Customer Information		 Bulletin 2001-8 WORD ASCII
Final Guidelines HTML
06/22/2000
Privacy of Consumer Financial Information--Final Rule		 Bulletin 2000-21 WORD ASCII
Summary WORD ASCII
Final Rule ASCII
06/19/2000
Suspicious Activity Report		 Bulletin 2000-19 WORD ASCII
SAR Form and Guidance (FinCEN) HTML
05/15/2000
Infrastructure Threats-Intrusion Risks---Message to Bankers and Examiners		 Bulletin 2000-14 WORD ASCII
5/4/99
Certification Authority Systems		 Bulletin 99-20 ASCII
7/30/98
FFIEC Guidance on Electronic Financial Services and Consumer Compliance 		Bulletin 98-31 ASCII
FFIEC Guidance PDF
Compliance Issues Involving Electronic Services PDF
7/9/1998
Accounting for Computer Software Costs		 Bulletin 98-29 ASCII
5/12/98
Branch Names (multiple trade names)		 Bulletin 98-22 ASCII
Interagency Statement (Additional Guidance) PDF
Interpretive Letter No. 881 PDF
2/4/98
Technology Risk Management		 Bulletin 98-3 ASCII
9/10/96
Stored Value Card Systems--Information for Bankers and Examiners 		Bulletin 96-48 ASCII
Alerts Links
02/16/2007
Daylight Savings Time Change: Risk Management Guidance		 Alert 2007-9 HTML
09/08/2006
Customer Authentication and Internet Banking Alert		 Alert 2006-50 HTML ASCII
09/12/2003
Customer Identity Theft: E-Mail-Related Fraud Threats

Alert 2003-11

 WORD ASCII
06/12/2003
Threat Posed by New Virus (Bugbear.B)

Alert 2003-9

 WORD ASCII
4/24/2001
Network Security Vulnerabilities		 Alert 2001-4 WORD ASCII
07/19/2000
Protecting Internet Addresses of National Banks		 Alert 2000-9 WORD ASCII
2/11/2000
Internet Security: Distributed Denial of Service Attacks 		Alert 2000-1
 WORD ASCII
Advisory Letters Links
10/01/2004
Electronic Consumer Disclosures and Notices

Advisory Letter 2004-11

WORD ASCII
06/21/2004
Electronic Record Keeping

Advisory Letter 2004-9

WORD ASCII
05/14/2004
Payroll Card Systems

Advisory Letter 2004-6

WORD ASCII
12/09/2003
Risk Management of Wireless Networks

Advisory 2003-10

 WORD ASCII
5/11/2001
Brokered and Rate-Sensitive Deposits		 Advisory Letter 2001-5 WORD ASCII
Joint Agency Advisory PDF
3/22/2000
Technology Risk Management Lessons from Year 2000 		Advisory Letter 2000-2 WORD ASCII
FFIEC urges financial institutions not to forget lessons learned from Year 2000 project PDF
Lessons learned from the Year 2000 project PDF
03/29/99
Fair Credit Reporting Act		 Advisory Letter 99-3 ASCII
7/24/91
Social Security Numbers As Personal Identification Numbers		 Advisory Letter 91-4 PDF
Rescinded Issuances Date Rescinded By
OCC Bulletins
OCC 94-8 Electronic Imaging Systems
January 1994
Operations Booklet, FFIEC IT Examination Handbook
OCC 97-23 FFIEC Interagency Statement on Corporate Business Resumption and Contingency Planning
May 1997
Business Continuity Planning Booklet, FFIEC IT Examination Handbook
OCC 98-30 Uniform Rating System for IT - Notice & Request for Comment
July 1998
Replaced by OCC 99-3
OCC 98-38 Technology Risk Management: PC Banking Guidance for Bankers and Examiners
August 1998
Electronic Banking Booklet, FFIEC IT Examination Handbook
OCC 99-3 Uniform Rating System for Information Technology -- Message to Bankers and Examiners
January 1999
Incorporated into the "Bank Supervision Process" booklet
OCC 99-9 Infrastructure Threats from Cyber-Threats
March 1999
Information Security Booklet, FFIEC IT Examination Handbook
OCC 2001-17 Change in URSIT Usage for Examinations of National Banks
April 2001
Incorporated into the "Bank Supervision Process" booklet
OCC 2002-2 ACH Transactions Involving the Internet: Guidance and Examination Procedures
January 2002
Replaced by OCC 2006-39 Automated Clearing House Activities: Risk Management Guidance
OCC 2004-49 Check Clearing for the 21st Century Act (Check 21) and 12 CFR 229 Availability of Funds and Collection of Checks
November 2004
Replaced by the Depository Services booklet, updated September 2006
 
Advisory Letters
AL 88-7 LSIS
November 1988
Development and Acquisition Booklet, FFIEC IT Examination Handbook
AL 88-9 SDLC
December 1988
Development and Acquisition Booklet, FFIEC IT Examination Handbook
AL 97-9 Reporting Computer Related Crimes
November 1997
OCC 2003-37 Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice
AL 99-6 Guidance to National Banks and Privacy Statements
May 1999
Information Security Booklet, FFIEC IT Examination Handbook
AL 2000-12 Risk Management of Outsourcing Technology Sources
November 2000
Outsourcing Technology Services Booklet, FFIEC IT Examination Handbook
 
Banking Circulars
BC-187 Financial Information on Data Services Processing
January 1985
Outsourcing Technology Services Booklet, FFIEC IT Examination Handbook
BC-226 End User Computing
January 1988
Business Continuity Planning, Operations, and Information Security Booklets, FFIEC IT Examination Handbook
BC-229 Information Security
May 1988
Information Security Booklet, FFIEC IT Examination Handbook
BC-260 EDP Service Contracts
July 1992
Outsourcing Technology Services Booklet, FFIEC IT Examination Handbook
BC-271 EFT Switches and Network Services
May 1993
Retail Payments Booklet, FFIEC IT Examination Handbook
 
Examining Circulars
EC-238
EC-238 Sup 1
Disclosure of Camel Ratings
Attachment to EC-238

EC-159
Uniform Financial Institutions Rating System
Attachment to EC-159 and supplement

OCC emblem

The Office of the Comptroller of the Currency was created by Congress to charter national banks, to oversee a nationwide system of banking institutions, and to assure that national banks are safe and sound, competitive and profitable, and capable of serving in the best possible manner the banking needs of their customers.

 Accessibility | Web Privacy Policy | Contact Us
Department of the Treasury | USA.gov | No Fear Act | Get Acrobat Reader | HelpWithMyBank.gov |