IT Booklets: E-Banking
Appendix C: Laws, Regulations, and Guidance
Sources
Laws
Federal Reserve Board
Federal Deposit Insurance Corporation
National Credit Union Administration
Office of the Comptroller of the Currency
Office of Thrift Supervision
Laws

| Resource Title | Type | Date |
|---|---|---|
| 12 USC 1861-1867(c): Bank Service Company Act | Laws | N/A |
| 15 USC 6801 and 6805(b): Gramm-Leach-Bliley Act (GLBA) | Laws | N/A |
| 18 USC 1030: Fraud and Related Activity in Connection with Computers | Laws | N/A |
| Pub. L. No. 106-229: Electronic Signatures in Global and National Commerce Act (E-Sign Act) | Laws | N/A |
| Pub. L. No. 107-56: USA PATRIOT Act | Laws | N/A |
Federal Reserve Board

| Resource Title | Type | Date |
|---|---|---|
| 12 CFR 208.62: Suspicious Activity Reports | Regulations | N/A |
| 12 CFR Part 208: Interagency Guidelines Establishing Standards for Safeguarding Customer Information, Appendix D-2 (State Member Banks) | Regulations | N/A |
| 12 CFR 211.5: Interagency Guidelines Establishing Standards for Safeguarding Customer Information (Edge or agreement corporation) | Regulations | N/A |
| 12 CFR 211.24: Interagency Guidelines Establishing Standards for Safeguarding Customer Information (uninsured state-licensed branch or agency of a foreign bank) | Regulations | N/A |
| 12 CFR Part 225 Appendix F: Interagency Guidelines Establishing Standards for Safeguarding Customer Information (bank holding companies and their non-bank subsidiaries or affiliates) | Regulations | N/A |
| SR Letter 01-20: FFIEC Guidance on Authentication | Guidance | August 15, 2001 |
| SR Letter 01-15: Standards for Safeguarding Customer Information | Guidance | May 31, 2001 |
| SR Letter 01-11: Identity Theft and Pretext Calling | Guidance | April 26, 2001 |
| SR Letter 00-17: Guidance on the Risk Management of Outsourced Technology Services | Guidance | November 30, 2001 |
| SR Letter 00-05: Lessons Learned from the Year 2000 Project | Guidance | March 31, 2000 |
| SR Letter 00-04: Outsourcing of Information and Transaction Processing | Guidance | February 29, 2000 |
| SR Letter 00-03: Information Technology Examination Frequency | Guidance | February 29, 2000 |
| SR Letter 99-08: Uniform Rating System for Information Technology | Guidance | March 31, 1999 |
| SR Letter 98-14: Interagency Policy Statement on Branch Names | Guidance | June 3, 1998 |
| SR Letter 98-09: Assessment of Information Technology in the Risk-Focused Frameworks for the Supervision of Community Banks and Large Complex Banking Organizations | Guidance | April 20, 1998 |
| SR Letter 97-32: Sound Practices Guidance for Information Security for Networks | Guidance | December 4, 1997 |
| SR Letter 97-28: Guidance Concerning the Reporting of Computer-Related Crimes by Financial Institutions | Guidance | November 6, 1997 |
Federal Deposit Insurance Corporation

| Resource Title | Type | Date |
|---|---|---|
| 12 CFR Part 328: FDIC Advertisement of Membership | Regulations | N/A |
| 12 CFR Part 353: Suspicious Activity Reports | Regulations | N/A |
| 12 CFR Part 364 Appendix B: Interagency Guidelines Establishing Standards for Safeguarding Customer Information | Regulations | N/A |
| FIL-30-2003: Weblinking | Guidance | April 23, 2003 |
| FIL-8-2002: Wireless Networks And Customer Access | Guidance | February 1, 2002 |
| FIL-69-2001: Authentication in an Electronic Banking Environment | Guidance | August 24, 2001 |
| FIL-50-2001: Bank Technology Bulletin on Outsourcing | Guidance | June 4, 2001 |
| FIL-68-2001: 501(b) Examination Guidance | Guidance | August 24, 2001 |
| FIL-33-2001: Electronic Funds Transfers | Guidance | April 20, 2001 |
| FIL-25-2001: Electronic Funds Transfers | Guidance | March 23, 2001 |
| FIL-22-2001: Security Standards for Customer Information | Guidance | March 14, 2001 |
| FIL-81-2000: Risk Management of Technology Outsourcing | Guidance | November 29, 2000 |
| FIL-77-2000: Bank Technology Bulletin: Protecting Internet Domain Names | Guidance | November 9, 2000 |
| FIL-72-2000: Electronic Signatures in Global and National Commerce Act | Guidance | November 2, 2000 |
| FIL-67-2000: Security Monitoring of Computer Networks | Guidance | October 3, 2000 |
| FIL-63-2000: Online Banking | Guidance | September 21, 2000 |
| FIL-68-99: Risk Assessment Tools And Practices For Information System Security | Guidance | July 7, 1999 |
| FIL-49-99: Bank Service Company Act | Guidance | June 3, 1999 |
| FIL-98-98: Pretext Phone Calling | Guidance | September 2, 1998 |
| FIL-86-98: Electronic Commerce and Consumer Privacy | Guidance | August 17, 1998 |
| FIL-79-98: Electronic Financial Services and Consumer Compliance | Guidance | July 16, 1998 |
| FIL-46-98: Guidance on the Use of Trade Names | Guidance | May 1, 1998 |
| FIL-131-97: Security Risks Associated with the Internet | Guidance | December 18, 1997 |
| FIL-124-97: Suspicious Activity Reporting | Guidance | December 5, 1997 |
| FIL-14-97: Electronic Banking Examination Procedures | Guidance | February 26, 1997 |
| FIL-59-96: Stored Value Cards and Other Electronic Payment Systems | Guidance | August 6, 1996 |
National Credit Union Administration

| Resource Title | Type | Date |
|---|---|---|
| 12 CFR Part 721: Incidental Powers | Regulations | N/A |
| 12 CFR Part 748: Security Program, Report of Crime and Catastrophic Act and Bank Secrecy Act Compliance | Regulations | N/A |
| 12 CFR Part 716: Privacy of Consumer Financial Information & Appendix | Regulations | N/A |
| 12 CFR Part 741: Requirements for Insurance | Regulations | N/A |
| 12 CFR Part 740: Advertising | Regulations | N/A |
| NCUA Letter to Credit Unions 03-CU-08: Weblinking: Identifying Risks & Risk Management Techniques | Guidance | April 2003 |
| NCUA Letter to Credit Unions 02-CU-17: E-Commerce Guide for Credit Unions | Guidance | December 2002 |
| NCUA Letter to Credit Unions 02-CU-16: Protection of Credit Union Internet Addresses | Guidance | December 2002 |
| NCUA Letter to Federal Credit Unions 02-FCU-11: Tips to Safely Conduct Financial Transactions Over the Internet-An NCUA Brochure for Credit Union Members | Guidance | July 2002 |
| NCUA Letter to Credit Unions 02-CU-13: Vendor Information Systems & Technology Reviews-Summary Results | Guidance | July 2002 |
| NCUA Letter to Credit Unions 02-CU-08: Account Aggregation Services | Guidance | April 2002 |
| NCUA Letter to Federal Credit Unions 02-FCU-04: Weblinking Relationships | Guidance | March 2002 |
| NCUA Letter to Credit Unions 01-CU-20: Due Diligence Over Third-Party Service Providers | Guidance | November 2001 |
| NCUA Letter to Credit Unions 01-CU-12: E-Commerce Insurance Considerations | Guidance | October 2001 |
| NCUA Letter to Credit Unions 01-CU-09: Identity Theft and Pretext Calling | Guidance | September 2001 |
| NCUA Letter to Credit Unions 01-CU-11: Electronic Data Security Overview | Guidance | August 2001 |
| NCUA Letter to Credit Unions 01-CU-10: Authentication in an Electronic Banking Environment | Guidance | August 2001 |
| NCUA Regulatory Alert 01-RA-03: Electronic Signatures in Global and National Commerce Act (E-Sign Act) | Guidance | March 2001 |
| NCUA Letter to Credit Unions 01-CU-02: Privacy of Consumer Financial Information | Guidance | February 2001 |
| NCUA Letter to Credit Unions 00-CU-11: Risk Management of Outsourced Technology Services (with Enclosure) | Guidance | December 2000 |
| NCUA Letter to Credit Unions 00-CU-07: NCUA's Information Systems & Technology Examination Program | Guidance | October 2000 |
| NCUA Letter to Credit Unions 00-CU-04: Suspicious Activity Reporting (see section on "Computer Intrusion") | Guidance | June 2000 |
| NCUA Letter to Credit Unions 00-CU-02: Identity Theft Prevention | Guidance | May 2000 |
| NCUA Regulatory Alert 99-RA-3: Pretext Phone Calling by Account Information Brokers | Guidance | February 1999 |
| NCUA Regulatory Alert 9--RA-4: Interagency Guidance on Electronic Financial Services and Consumer Compliance | Guidance | July 1998 |
| NCUA Letter to Credit Unions 97-CU-5: Interagency Statement on Retail On-Line PC Banking | Guidance | April 1997 |
| NCUA Letter to Credit Unions 97-CU-1: Automated Response System Controls | Guidance | January 1997 |
Office of the Comptroller of the Currency

| Resource Title | Type | Date |
|---|---|---|
| 12 CFR 7.1002: National Banks Acting as Finder | Regulations | N/A |
| 12 CFR Part 7, Subpart E: Electronic Activities | Regulations | N/A |
| 12 CFR Part 21, Subpart B: Reports of Suspicious Activities | Regulations | N/A |
| 12 CFR Part 30, Appendix B: Interagency Guidelines Establishing Standards for Safeguarding Customer Information | Regulations | N/A |
| OCC Bulletin 2003-15: Weblinking: Interagency Guidance on Weblinking Activity | Guidance | April 23, 2003 |
| OCC Bulletin 2002-16: Bank Use of Foreign-Based Third-Party Service Providers | Guidance | May 15, 2002 |
| OCC Bulletin 2002-2: ACH Transactions Involving the Internet | Guidance | January 14, 2002 |
| OCC Bulletin 2001-47: Third-Party Relationships | Guidance | November 1, 2001 |
| OCC Advisory Letter 2001-8: Authentication in an Electronic Banking Environment | Guidance | July 30, 2001 |
| OCC Bulletin 2001-35: Examination Procedures to Evaluate Compliance with the Guidelines to Safeguard Customer Information | Guidance | July 18, 2001 |
| OCC Bulletin 2001-23: Uniform Standards for the Electronic Delivery of Disclosures; Regulations M, Z, B, E and DD | Guidance | April 27, 2001 |
| OCC Advisory Letter 2001-04: Identity Theft and Pretext Calling | Guidance | April 30, 2001 |
| OCC Alert 2001-04: Network Security Vulnerabilities | Guidance | April 24, 2001 |
| OCC Bulletin 2001-12: Bank-Provided Account Aggregation Services | Guidance | February 28, 2001 |
| OCC Bulletin 2000-19: Suspicious Activity Report | Guidance | June 2000 |
| OCC Alert 2000-9: Protecting Internet Addresses of National Banks | Guidance | July 19, 2000 |
| OCC Bulletin 99-20: Certification Authority Systems | Guidance | May 4, 1999 |
| OCC Bulletin 98-22: Branch Names | Guidance | May 12, 1998 |
| OCC Advisory Letter 97-9: Reporting Computer-Related Crimes | Guidance | November 19, 1997 |
Office of Thrift Supervision

| Resource Title | Type | Date |
|---|---|---|
| 12 CFR Part 555: Electronic Operations | Regulations | N/A |
| 12 CFR 563.180: Suspicious Activity Reports and Other Reports and Statements | Regulations | N/A |
| 12 CFR Part 568: Security Procedures Under the Bank Protection Act | Regulations | N/A |
| 12 CFR Part 570 Appendix B: Interagency Guidelines Establishing Standards for Safeguarding Customer Information | Regulations | N/A |
| 12 CFR Part 573: Privacy of Consumer Financial Information | Regulations | N/A |
| CEO Ltr 155: Interagency Guidance: Privacy of Consumer Financial Information | Guidance | February 11, 2002 |
| CEO Ltr 143: Interagency Guidance on Authentication in an Electronic Banking Environment (transmits FFIEC document, Authentication in an Electronic Banking Environment) | Guidance | August 9, 2001 |
| CEO Ltr 139: Identity Theft and Pretext Calling | Guidance | May 4, 2001 |
| CEO Ltr 109: Transactional Web Sites | Guidance | June 10, 1999 |
| CEO Ltr 97: Policy Statement on Privacy and Accuracy of Personal Customer Information and Interagency Pretext Phone Calling Memorandum | Guidance | November 3, 1998 |
| CEO Ltr 86: Interagency Statement on Branch Names | Guidance | June 11, 1998 |
| CEO Ltr 70: Statement on On-Line Personal Computer Banking | Guidance | June 23, 1997 |