06/19/2006
We would like information on whether a bank is required to contact regulators and customers when an employee has e-mailed some non-public information of our customers to an employee at another financial institution. The purpose was to get copies of forms, but some information such as loan numbers, loan amounts, and names of customers were on the copies of the documents. Since this information was passed between financial institutions, and all efforts will be taken to inform the other financial institution that this information was passed and must be held confidential or destroyed, does this create the notice requirement for privacy of a breach?
06/12/2006
What must be done if a tape containing loan customer information is lost in transit to the credit bureau? The tape is encrypted and contains minimal sensitive information.
03/13/2006
What is the CIP record retention period for mortgage loans that we sell and no longer service? Do we maintain the records five years after we sell the loan?
01/02/2006
Please provide a comprehensive list of the regulations that have "required training" stated, within the regulation. Also, I am looking for a suggested/required training list that would be applicable to ALL bank staff: So far I have sexual harassment, workplace violence, privacy, robbery, CIP, and BSA.
12/01/2005
The agencies have published new examination procedures for FCRA and the FACT Act.
12/01/2005
To assist institutions in their efforts to design and manage effective information security programs, the agencies have issued guidance especially designed for small entities, which appears to be a
12/01/2005
Risk is that four letter word that is most on our minds right now. In the context of information security, managing risk is a front burner issue. But what, exactly, is it?
11/07/2005
Upon receiving a non-local check, we attempted to call for check verification. The bank we spoke with said that due to the USA PATRIOT Act, they were unable to verify funds, and that we would have to deposit the check and wait for it to clear. I was unaware of this and was wandering where it's stated in the USA PATRIOT Act.
10/03/2005
We have been notified by VISA Fraud that 23 of our customers debit cards may have been compromised. We have notified each affected customers. To date we have not identified any loss. Do we need to: 1) file a SAR?, 2) notify law enforcement? or 3) notify the FDIC?
10/01/2005