TRENDING:

Electronic Banking

BankInfoSecurity.comSeptember 27, 2005    


Description:  Final Rule  
The OCC has issued a final rule governing national banks’ ability to conduct business using electronic technologies.  The regulation was published in the Federal Register on May 17 and, except for one provision, is effective on June 17.  The exception is a provision containing certain disclosure requirements for national banks that have co-branded Web sites or other shared electronic space. 

See Also: How High-Assurance Digital Identity has become the Center of Authentication Cybersecurity

Among the most significant changes, the final rule:

·Codifies recent OCC interpretive letters approving the use of finder authority by national banks to engage in activities made possible by technological developments.

·Sets forth the factors the OCC considers in determining whether an electronic activity is part of, or incidental to, the business of banking.

·Clarifies that state law is not applicable to a national bank’s conduct of an authorized activity through electronic means or facilities if the state law, as applied to the activity, would be preempted pursuant to traditional principles of federal preemption, and describes the preemption standards established by Supreme Court precedents.

·Codifies the excess capacity doctrine, clarifying that a national bank may market and sell electronic capacities “legitimately acquired or developed by the bank for its banking business,” as well as the “by-product doctrine,” a well-established doctrine closely related to excess capacity that applies to production, such as software. ·Codifies OCC interpretations that permit national banks, as part of a digital signature transaction, to act as a certification authority that issues certificates verifying the identity of the certificate holder and any other attribute for which verification is part of, or incidental to, the business of banking, e.g., financial capacity.

·Codifies OCC interpretations that permit a national bank to collect, process, transcribe, analyze, and store banking, financial, and economic data for itself and its customers as part of the business of banking. The final rule also permits a national bank to process additional types of data to the extent convenient or useful to provide or market the financial data processing services.

·Clarifies that a national bank will not be considered “located” in a state simply because it maintains technology, such as a server or an automated loan center, in that state or because customers in that state electronically access a bank’s products and services.

·Requires that a national bank that shares electronic space (such as Web pages or Web sites) with another business take reasonable steps to clearly, conspicuously, and understandably distinguish between products and services offered by the bank and those offered by the other business.

The rule creates a new subpart E to part 7 of the OCC’s regulations to house these and other OCC provisions related to the conduct of national bank activities through electronic means.

This rule is the result of a review by the OCC of its regulations with the goal of revising them in ways that would facilitate bank use of technology, consistent with safety and soundness.  This review began with the publishing of an advance notice of proposed rulemaking (ANPR) in the Federal Register on February 2, 2000 (65 Fed. Reg. 4895).  The proposed rule, which reflected the comments we received on this ANPR, was published in the Federal Register on July 2, 2001 (66 Fed. Reg. 34855).

For further information, contact James Gillespie, assistant chief counsel at (202) 874-5200 or Heidi M. Thomas, special counsel, Legislative and Regulatory Activities Division at (202) 874-5090.

Attachment:  67 FR 34992

                    

Previous
Identity Theft: Are you at risk?
Next
Customer Identity Theft: E-Mail-Related Fraud Threats

About the Author



Around the Network

How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.in, you agree to our use of cookies.