11/21/2005
We currently mail overdraft and insufficient funds notices to customers. Is it permissible to send these via e-mail if agreeable with the customer? If so, are there specific parameters governing this?
08/15/2005
Our organization uses a vendor to service our mortgage loans. The vendor emails trial balance data, (loan numbers, names, balances, etc.) to us. The emails are password protected. Is this sufficient under GLBA or must the emails be encrypted?
07/01/2005
While information technology is not usually the responsibility of the compliance manager, there are certain IT functions that the compliance manager should make sure are in place.
04/01/2005
According to Exigen Group, a banking technology company, banking professionals have more to stress about than their own personnel cholesterol levels - they also face "corporate cholesterol."The ter
10/06/2003
We face new challenges everyday with respect to viruses, ongoing software patches and updates as well new technologies to integrate within our bank. All of these put a strain on our IT resources. How do other banks justify staffing requirements and handle peak demand times?
09/01/2003
Commonly cited violations have long been a source of important information for the design and management of compliance programs.
08/18/2003
In the past, we sent mortgage loan closing documents to the title company via the internet. We stopped this practice because we feel that without having a secured e-mail line, and without encrypting the data, we would be in violation of GLB. Same with sending our Good Faith Estimates, or other disclosures. We stopped sending via e-mail to customers because of GLB issues. Are we correct in that it would be a violation of GLB to send non-public financial information electronically over a non-secure line?
08/04/2003
As it relates to IT examinations, what are the top "hot buttons" for regulators?
02/01/2003
Michele Petry, Ph.D., BankersOnline.com
01/06/2003
Are there any requirements or criteria for Penetration testing? Can we perform the penetration testing ourselves? If we hire a third party vendor, should we require documentation saying they are authorized by the Regulators to perform the tests or that the testing will meet certain standards? Does the penetration testing requirement only apply to wired network or do we have to have penetration testing on the wireless as well?