02/11/2008
What is the requirement for training employees on Information Technology - Use and Monitoring... including computer access, email do's and don'ts, etc.?
11/12/2007
I have a very technical GLBA question. It is my understanding that if all employees of the bank are required to have deposit accounts then they are also considered a customer under GLBA. If there happened to be a breach of employee nonpublic information through the HR department, say the payroll vendor was compromised and all employees' social security numbers were released, would this not be considered a breach under GLBA and notification required to the affected customers (employees) along with notice to our regulators? Is it possible since the breach occurred through HR department and was of employees' nonpublic information that it is not defined as a breach under GLBA?
07/09/2007
We are having a misunderstanding at my financial institution about the USA PATRIOT Act. We were first opening corporate accounts and gathering identification documentation and social security numbers on all the signers on corporate accounts. We were then instructed that it was unnecessary to obtain this information on the signers. Then about a year later we were instructed that the USA PATRIOT Act does require us to get this information. Does BSA or the PATRIOT Act require financial institutions to get ID for signers on corporate accounts as of 2007? If it does not, where can I find this information?
02/19/2007
What are the criteria for retention of CIP forms? How long do we retain CIP forms? Do we need to retain them for a specific period after accounts are closed and loans are satisfied?
10/02/2006
In the past, we sent mortgage loan closing documents to the title company via the internet. We stopped this practice because we feel that without having a secured e-mail line, and without encrypting the data, we would be in violation of GLB. Same with sending our Good Faith Estimates, or other disclosures. We stopped sending via e-mail to customers because of GLB issues. Are we correct in that it would be a violation of GLB to send non-public financial information electronically over a non-secure line?
09/18/2006
Should our bank have confidentiality agreements with all vendors who provide services to our bank? (i.e., on-site paper shredding companies, coffee suppliers, etc.)
08/14/2006
I work for a federal agency that sends literally millions of deposits directly to bank accounts each month. Our policy states that in the event a beneficiary does not receive a direct deposit in his/her account, we must verify with the bank that the deposit was not received. With the financial privacy act in mind, can banks verify whether or not a deposit has been received if the depositor knows the owner of the account, the account number, the SSN of the account holder, the amount of deposit and the date it was deposited?
06/19/2006
We would like information on whether a bank is required to contact regulators and customers when an employee has e-mailed some non-public information of our customers to an employee at another financial institution. The purpose was to get copies of forms, but some information such as loan numbers, loan amounts, and names of customers were on the copies of the documents. Since this information was passed between financial institutions, and all efforts will be taken to inform the other financial institution that this information was passed and must be held confidential or destroyed, does this create the notice requirement for privacy of a breach?
06/19/2006
One of our staff members disclosed client information to a third party. The staff member has been terminated. Do we need to file a SAR?