Regulatory Reports

Regulatory guidance is very clear when it comes to the protection of customers from foreseeable threats. Data collected by BD-BrandProtect can be used to populate regulatory reports for management, executive, board level and regulatory agency purposes.

Financial institutions need to take action immediately by monitoring the Internet for:

	Phishing sites
	Unauthorized weblinking
	Unauthorized brand name use
	Unauthorized or detrimental use of institution, board, or employee name

Quick Facts

Section 501(b) of the Gramm Leach Bliley Act (GLBA) mandates federal regulators (OCC, OTS, FRB, FDIC, NCUA, FTC, SEC) to implement guidelines that financial services organizations must follow. These include:

	Safeguard the security and confidentiality of customer records
	Protect against anticipated threats to the security of such records
	Protect against unauthorized access to, or use of, such records
	Protect against substantial harm or inconvenience to the customer

The Federal Financial Institutions Examinations Council (FFIEC) – E-Banking Handbook discusses the negative public perception due to website disruptions outlines the:

	Liability for unauthorized transactions
	Losses from fraud if the institution fails to correctly verify new accounts
	Consumer confusion due to fraudulent weblinking
	Reputation risk as a result of the theft of confidential customer information

The FFIEC also speaks to the importance of monitoring Internet threats to control risk and provide an informational brochure on Internet "Phishing" Scams September 13, 2004; and Weblinking: Identifying Risks and Risk Management Techniques April 23, 2003 and FDIC Financial Institution Letters which provide guidance on:

	How financial institutions can protect against pharming attacks
	Safeguarding customers against e-mail and Internet related fraudulent schemes
	Protecting Internet Domain Names

The OCC also provides bulletins and alerts, which include information on:

	Threats from fraudulent bank websites
	Customer identity theft