Appendix C: Laws, Regulations, and Guidance

Sources


Laws

Resource Title | Type | Date
12 USC 1861-1867(c): Bank Service Company Act | Law | N/A
15 USC 6801 and 6805(b): Gramm-Leach-Bliley Act (GLBA) | Law | N/A
18 USC 1030: Fraud and Related Activity in Connection with Computers | Law | N/A
Pub. L. No. 106-229: Electronic Signatures in Global and National Commerce Act (E-Sign Act) | Law | N/A
Pub. L. No. 107-56: USA PATRIOT Act | Law | N/A

Federal Reserve Board

Resource Title | Type | Date
12 CFR 208.62: Suspicious Activity Reports | Regulation | N/A
12 CFR Part 208: Interagency Guidelines Establishing Standards for Safeguarding Customer Information, Appendix D-2 (State Member Banks) | Regulation | N/A
12 CFR 211.5: Interagency Guidelines Establishing Standards for Safeguarding Customer Information (Edge or agreement corporation) | Regulation | N/A
12 CFR 211.24: Interagency Guidelines Establishing Standards for Safeguarding Customer Information (uninsured state-licensed branch or agency of a foreign bank) | Regulation | N/A
12 CFR Part 225 Appendix F: Interagency Guidelines Establishing Standards for Safeguarding Customer Information (bank holding companies and their non-bank subsidiaries or affiliates) | Regulation | N/A
SR Letter 01-20: FFIEC Guidance on Authentication | Guidance | August 15, 2001
SR Letter 01-15: Standards for Safeguarding Customer Information | Guidance | May 31, 2001
SR Letter 01-11: Identity Theft and Pretext Calling | Guidance | April 26, 2001
SR Letter 00-17: Guidance on the Risk Management of Outsourced Technology Services | Guidance | November 30, 2001
SR Letter 00-05: Lessons Learned from the Year 2000 Project | Guidance | March 31, 2000
SR Letter 00-04: Outsourcing of Information and Transaction Processing | Guidance | February 29, 2000
SR Letter 00-03: Information Technology Examination Frequency | Guidance | February 29, 2000
SR Letter 99-08: Uniform Rating System for Information Technology | Guidance | March 31, 1999
SR Letter 98-14: Interagency Policy Statement on Branch Names | Guidance | June 3, 1998
SR Letter 98-09: Assessment of Information Technology in the Risk-Focused Frameworks for the Supervision of Community Banks and Large Complex Banking Organizations | Guidance | April 20, 1998
SR Letter 97-32: Sound Practices Guidance for Information Security for Networks | Guidance | December 4, 1997
SR Letter 97-28: Guidance Concerning the Reporting of Computer-Related Crimes by Financial Institutions | Guidance | November 6, 1997

Federal Deposit Insurance Corporation

Resource Title | Type | Date
12 CFR Part 328: FDIC Advertisement of Membership | Regulation | N/A
12 CFR Part 353: Suspicious Activity Reports | Regulation | N/A
12 CFR Part 364 Appendix B: Interagency Guidelines Establishing Standards for Safeguarding Customer Information | Regulation | N/A
FIL-30-2003: Weblinking | Guidance | April 23, 2003
FIL-8-2002: Wireless Networks And Customer Access | Guidance | February 1, 2002
FIL-69-2001: Authentication in an Electronic Banking Environment | Guidance | August 24, 2001
FIL-50-2001: Bank Technology Bulletin on Outsourcing | Guidance | June 4, 2001
FIL-68-2001: 501(b) Examination Guidance | Guidance | August 24, 2001
FIL-33-2001: Electronic Funds Transfers | Guidance | April 20, 2001
FIL-25-2001: Electronic Funds Transfers | Guidance | March 23, 2001
FIL-22-2001: Security Standards for Customer Information | Guidance | March 14, 2001
FIL-81-2000: Risk Management of Technology Outsourcing | Guidance | November 29, 2000
FIL-77-2000: Bank Technology Bulletin: Protecting Internet Domain Names | Guidance | November 9, 2000
FIL-72-2000: Electronic Signatures in Global and National Commerce Act | Guidance | November 2, 2000
FIL-67-2000: Security Monitoring of Computer Networks | Guidance | October 3, 2000
FIL-63-2000: Online Banking | Guidance | September 21, 2000
FIL-68-99: Risk Assessment Tools And Practices For Information System Security | Guidance | July 7, 1999
FIL-49-99: Bank Service Company Act | Guidance | June 3, 1999
FIL-98-98: Pretext Phone Calling | Guidance | September 2, 1998
FIL-86-98: Electronic Commerce and Consumer Privacy | Guidance | August 17, 1998
FIL-79-98: Electronic Financial Services and Consumer Compliance | Guidance | July 16, 1998
FIL-46-98: Guidance on the Use of Trade Names | Guidance | May 1, 1998
FIL-131-97: Security Risks Associated with the Internet | Guidance | December 18, 1997
FIL-124-97: Suspicious Activity Reporting | Guidance | December 5, 1997
FIL-14-97: Electronic Banking Examination Procedures | Guidance | February 26, 1997
FIL-59-96: Stored Value Cards and Other Electronic Payment Systems | Guidance | August 6, 1996

National Credit Union Administration

Resource Title | Type | Date
12 CFR Part 721: Incidental Powers | Regulation | N/A
12 CFR Part 748: Security Program, Report of Crime and Catastrophic Act and Bank Secrecy Act Compliance | Regulation | N/A
12 CFR Part 716: Privacy of Consumer Financial Information & Appendix | Regulation | N/A
12 CFR Part 741: Requirements for Insurance | Regulation | N/A
12 CFR Part 740: Advertising | Regulation | N/A
NCUA Letter to Credit Unions 03-CU-08: Weblinking: Identifying Risks & Risk Management Techniques | Guidance | April 2003
NCUA Letter to Credit Unions 02-CU-17: E-Commerce Guide for Credit Unions | Guidance | December 2002
NCUA Letter to Credit Unions 02-CU-16: Protection of Credit Union Internet Addresses | Guidance | December 2002
NCUA Letter to Federal Credit Unions 02-FCU-11: Tips to Safely Conduct Financial Transactions Over the Internet-An NCUA Brochure for Credit Union Members | Guidance | July 2002
NCUA Letter to Credit Unions 02-CU-13: Vendor Information Systems & Technology Reviews-Summary Results | Guidance | July 2002
NCUA Letter to Credit Unions 02-CU-08: Account Aggregation Services | Guidance | April 2002
NCUA Letter to Federal Credit Unions 02-FCU-04: Weblinking Relationships | Guidance | March 2002
NCUA Letter to Credit Unions 01-CU-20: Due Diligence Over Third-Party Service Providers | Guidance | November 2001
NCUA Letter to Credit Unions 01-CU-12: E-Commerce Insurance Considerations | Guidance | October 2001
NCUA Letter to Credit Unions 01-CU-09: Identity Theft and Pretext Calling | Guidance | September 2001
NCUA Letter to Credit Unions 01-CU-11: Electronic Data Security Overview | Guidance | August 2001
Authentication in an Electronic Banking Environment, NCUA Letter to Credit Unions 01-CU-10 | Guidance | August 2001
NCUA Regulatory Alert 01-RA-03: Electronic Signatures in Global and National Commerce Act (E-Sign Act) | Guidance | March 2001
NCUA Letter to Credit Unions 01-CU-02: Privacy of Consumer Financial Information | Guidance | February 2001
NCUA Letter to Credit Unions 00-CU-11: Risk Management of Outsourced Technology Services (with Enclosure) | Guidance | December 2000
NCUA Letter to Credit Unions 00-CU-07: NCUA's Information Systems & Technology Examination Program | Guidance | October 2000
NCUA Letter to Credit Unions 00-CU-04: Suspicious Activity Reporting (see section on "Computer Intrusion") | Guidance | June 2000
NCUA Letter to Credit Unions 00-CU-02: Identity Theft Prevention | Guidance | May 2000
NCUA Regulatory Alert 99-RA-3: Pretext Phone Calling by Account Information Brokers | Guidance | February 1999
NCUA Regulatory Alert 9--RA-4: Interagency Guidance on Electronic Financial Services and Consumer Compliance | Guidance | July 1998
NCUA Letter to Credit Unions 97-CU-5: Interagency Statement on Retail On-Line PC Banking | Guidance | April 1997
NCUA Letter to Credit Unions 97-CU-1: Automated Response System Controls | Guidance | January 1997

Office of the Comptroller of the Currency

Resource Title | Type | Date
12 CFR 7.1002: National Banks Acting as Finder | Regulation | N/A
12 CFR Part 7, Subpart E: Electronic Activities | Regulation | N/A
12 CFR Part 21, Subpart B: Reports of Suspicious Activities | Regulation | N/A
12 CFR Part 30, Appendix B: Interagency Guidelines Establishing Standards for Safeguarding Customer Information | Regulation | N/A
OCC Bulletin 2003-15: Weblinking: Interagency Guidance on Weblinking Activity | Guidance | April 23, 2003
OCC Bulletin 2002-16: Bank Use of Foreign-Based Third-Party Service Providers | Guidance | May 15, 2002
OCC Bulletin 2002-2: ACH Transactions Involving the Internet | Guidance | January 14, 2002
OCC Bulletin 2001-47: Third-Party Relationships | Guidance | November 1, 2001
OCC Advisory Letter 2001-8: Authentication in an Electronic Banking Environment | Guidance | July 30, 2001
OCC Bulletin 2001-35: Examination Procedures to Evaluate Compliance with the Guidelines to Safeguard Customer Information | Guidance | July 18, 2001
OCC Bulletin 2001-23: Uniform Standards for the Electronic Delivery of Disclosures; Regulations M, Z, B, E and DD | Guidance | April 27, 2001
OCC Advisory Letter 2001-04: Identity Theft and Pretext Calling | Guidance | April 30, 2001
OCC Alert 2001-04: Network Security Vulnerabilities | Guidance | April 24, 2001
OCC Bulletin 2001-12: Bank-Provided Account Aggregation Services | Guidance | February 28, 2001
Suspicious Activity Report, OCC Bulletin 2000-19 | Guidance | June 2000
OCC Alert 2000-9: Protecting Internet Addresses of National Banks | Guidance | July 19, 2000
OCC Bulletin 99-20: Certification Authority Systems | Guidance | May 4, 1999
OCC Bulletin 98-22: Branch Names | Guidance | May 12, 1998
OCC Advisory Letter 97-9: Reporting Computer-Related Crimes | Guidance | November 19, 1997

Office of Thrift Supervision

Resource Title | Type | Date
12 CFR Part 555: Electronic Operations | Regulation | N/A
12 CFR 563.180: Suspicious Activity Reports and Other Reports and Statements | Regulation | N/A
12 CFR Part 568: Security Procedures Under the Bank Protection Act | Regulation | N/A
12 CFR Part 570 Appendix B: Interagency Guidelines Establishing Standards for Safeguarding Customer Information | Regulation | N/A
12 CFR Part 573: Privacy of Consumer Financial Information | Regulation | N/A
CEO Ltr 155: Interagency Guidance: Privacy of Consumer Financial Information | Guidance | February 11, 2002
CEO Ltr 143: Interagency Guidance on Authentication in an Electronic Banking Environment (transmits FFIEC document, Authentication in an Electronic Banking Environment) | Guidance | August 9, 2001
CEO Ltr 139: Identity Theft and Pretext Calling | Guidance | May 4, 2001
CEO Ltr 109: Transactional Web Sites | Guidance | June 10, 1999
CEO Ltr 97: Policy Statement on Privacy and Accuracy of Personal Customer Information and Interagency Pretext Phone Calling Memorandum | Guidance | November 3, 1998
CEO Ltr 86: Interagency Statement on Branch Names | Guidance | June 11, 1998
CEO Ltr 70: Statement on On-Line Personal Computer Banking | Guidance | June 23, 1997

 
