OCC
Electronic Banking Guidance |
OCC issues guidance to ensure national banks and their service
providers and software vendors maintain safe and sound banking practices.
|
Handbooks |
Handbooks provide guidance to
national banks, service providers, software vendors and bank
examiners on procedures for supervising banking activities.
The FFIEC Agencies are developing a new FFIEC Information Technology (IT) Examination Handbook to replace the 1996 FFIEC IS Examination Handbook. This update includes publishing multiple topic-based booklets that are available from the FFIEC IT Handbook InfoBase. The InfoBase also includes topic related presentations, references, and a glossary of terms. The 1996 IS Handbook remains current for examination areas, if new booklets have not been published.
- FFIEC Information Technology (IT) Examination Handbook - Booklets
|
Published Booklets
|
|
- Audit (August 2003)
- Business Continuity Planning (March 2003)
- Electronic Banking (August 2003)
- FedLine (August 2003)
- Information Security (December 2002)
- Supervision of Technology Service Providers (March 2003)
|
|
- FFIEC Information Systems (IS) Handbook (1996)
- Comptroller's Corporate Manual, The Internet and the National Bank Charter Handbook (2001)
|
|
Current
OCC Regulation |
The OCC has issued the following regulation regarding electronic
banking activities by national banks. The final rule published in May 2002,
establishes a new subpart 7 of OCC regulations that addresses the authority of
national banks to conduct activities by electronic means and codifies many of
the OCC’s prior interpretations
on electronic banking found on this website.
|
Date & Title |
Downloads |
5/16/2002
OCC Issues Final Rule on Electronic Banking |
Release
2002-44 |
WORD
ASCII |
Final
Rule on Electronic Banking |
PDF |
|
OCC
Bulletins, Advisory Letters, and Alerts
|
These issuances provide information to banks and examiners on areas
of continuing concern and advise bankers and bank directors about activities
and situations that could affect the safe and sound management of their banks.
|
Date & Title |
Downloads |
12/09/2003
Risk Management of Wireless Networks |
Advisory 2003-10 |
WORD ASCII |
10/02/2003
FFIEC Information Technology Examination
Handbook: E-Banking, Audit, and FedLine Booklets |
OCC 2003-41 |
WORD
ASCII |
FFIEC
press release |
PDF |
FFIEC IT
Examination Handbook |
HTML |
E-banking
Booklet |
HTML |
Audit
Booklet |
HTML |
Fedline
Booklet |
HTML |
09/12/2003
Customer Identity Theft: E-Mail-Related Fraud Threats |
Alert 2003-11 |
WORD ASCII |
6/24/2003
Suspicious Activity Report: Revised Form |
OCC 2003-27 |
WORD
ASCII |
Revised Form |
HTML |
06/12/2003
Threat Posed by New Virus (Bugbear.B) |
Alert
2003-9 |
WORD ASCII |
05/21/2003
FFIEC Information Technology Examination
Handbook: Business Continuity Planning and Supervision of Technology Service
Providers Booklets |
OCC
2003-18 |
WORD ASCII |
FFIEC
Press Release |
HTML |
Links
to booklets on FFIEC Handbook InfoBase |
HTML |
04/23/2003
Weblinking: Interagency Guidance on
Weblinking Activity |
OCC
2003-15 |
WORD ASCII |
Interagency
Guidance |
PDF |
News
Release 2003-33 |
HTML |
04/08/2003
Interagency Paper On Sound Practices To
Strengthen the Resilience Of The U.S. Financial System |
OCC
2003-14
|
WORD
ASCII |
Interagency
Paper |
PDF |
News
Release 2003-28 |
HTML |
03/27/2003
Telecommunications Service Priority (TSP)
Program: FBIIC Policy on Sponsorship of TSP for Private Sector Entities
|
OCC
2003-13
|
WORD
ASCII |
FBIIC
Policy |
HTML |
FRB
Sponsorship: Notice |
PDF |
2/05/2003
FFIEC Information Security Booklet:
Information Security Guidance |
OCC
2003-4 |
WORD
ASCII |
FFIEC
Press Release |
HTML |
FFIEC
IT Handbook InfoBase |
HTML |
FFIEC
Information Technology Examination Handbook |
HTML |
05/28/2002
Electronic Banking: Final Rule |
OCC
2002-23 |
WORD
ASCII |
Electronic
Activities: Final Rule |
PDF |
5/15/2002
Bank Use of Foreign-Based Third-Party Service
Providers |
OCC
2002-16 |
WORD
ASCII |
1/14/2002
ACH Transactions Involving the Internet:
Guidance and Examination Procedures |
OCC
2002-2 |
WORD
ASCII |
11/1/2001
Third-Party Relationships: Risk Management
Principles
|
OCC
2001-47 |
WORD
ASCII |
News
Release 2001-92 |
WORD
ASCII |
7/30/2001
Authentication in an Electronic Banking Environment |
Advisory
Letter 2001-8 |
WORD
ASCII |
FFIEC
guidance: Authentication in an Electronic Banking Environment
|
PDF |
7/18/2001
Examination Procedures to Evaluate Compliance
with the Guidelines to Safeguard Customer Information
|
OCC
2001-35 |
WORD
ASCII |
Examination
Procedures |
PDF
|
Information
Technology Portion of draft Community Bank Supervision booklet |
PDF
|
5/25/2001
Privacy of Consumer Financial Information |
OCC
2001-26 |
WORD
ASCII |
Privacy
Examination Procedures |
PDF |
5/11/2001
Brokered and Rate-Sensitive Deposits |
Advisory
Letter 2001-5 |
WORD
ASCII |
Joint
Agency Advisory |
PDF |
News
Release 2001-44 |
WORD
ASCII
|
4/30/2001
Identity Theft and Pretext Calling |
Advisory
Letter 2001-4 |
WORD
ASCII |
Brochure |
PDF |
News
Release 2001-41 |
WORD
ASCII |
4/27/2001
Uniform Standards for the Electronic Delivery
of Disclosures; Regulations M, Z, B, E and DD |
OCC
2001-23 |
WORD
ASCII |
Interim
Rule;
Request for Comments |
HTML |
Interim
Rule;
Request for Comments |
HTML |
Interim
Rule;
Request for Comments |
HTML |
Interim
Rule;
Request for Comments |
HTML |
Interim
Rule;
Request for Comments |
HTML |
4/24/2001
Network Security Vulnerabilities |
Alert
2001-4 |
WORD
ASCII |
4/16/2001
Regulation E/Electronic Funds Transfer Act |
OCC
2001-21 |
WORD
ASCII |
Final
Rule |
ASCII |
Final
Rule; Official Staff Interpretation |
ASCII |
2/28/2001
Bank-Provided Account Aggregation Services |
OCC
2001-12 |
WORD
ASCII |
2/15/2001
Guidelines Establishing Standards for
Safeguarding Customer Information |
OCC
2001-8 |
WORD
ASCII |
Final
Guidelines |
HTML |
1/29/2001
Internet-Initiated ACH Debits/ACH Risks
|
Advisory
Letter 2001-3 |
WORD
ASCII |
1/22/2001
Privacy Preparedness
|
Advisory
Letter 2001-2 |
WORD
ASCII |
Questionnaire |
WORD
ASCII |
1/17/2001
Agencies Adopt Guidelines for Customer
Information Security
|
Release
2001-4 |
WORD
ASCII |
Joint
Final Rule |
PDF |
11/28/2000
Risk Management of Outsourcing Technology
|
Advisory
Letter 2000-12 |
WORD
ASCII |
FFIEC
Press Release |
PDF |
FFIEC
Policy Statement |
PDF |
09/08/2000
Privacy Laws and Regulations |
OCC
2000-25 |
WORD ASCII |
Privacy
Laws and Regulations |
PDF |
07/19/2000
Protecting Internet Addresses of National
Banks |
Alert
2000-9 |
WORD
ASCII |
Release
2000-53 |
WORD
ASCII
|
06/22/2000
Privacy of Consumer Financial
Information--Final Rule |
OCC
2000-21 |
WORD
ASCII |
Summary |
WORD
ASCII |
Final
Rule |
ASCII |
06/19/2000
Suspicious Activity Report |
OCC
2000-19 |
WORD
ASCII |
SAR
Form and Guidance (FinCEN) |
HTML
|
OCC
News Release
2000-45
|
WP
ASCII |
05/15/2000
Infrastructure Threats-Intrusion
Risks---Message to Bankers and Examiners |
OCC
2000-14 |
WORD
ASCII
|
5/10/2000
Agencies Approve Final Regulations For
Privacy Of Consumer Financial Information |
Release
2000-32 |
WORD
ASCII |
Privacy
Of Consumer Financial Information
|
PDF |
3/22/2000
Technology Risk Management Lessons from Year 2000
|
Advisory
Letter 2000-2 |
WORD
ASCII |
FFIEC
urges financial institutions not to forget lessons learned from Year 2000
project |
PDF |
Lessons
learned from the Year 2000 project |
PDF |
2/11/2000
Internet Security: Distributed Denial of
Service Attacks
|
Alert
2000-1
|
WORD
ASCII
|
9/27/99
Interim Rule Electronic Delivery of
Disclosures |
OCC
99-35 |
WORD
ASCII |
Interim
Rule |
ASCII |
5/4/99
Certification Authority Systems |
OCC
99-20 |
WP
ASCII |
5/4/99
Guidance to National Banks on Web Site
Privacy Statements
|
Advisory
Letter 99-6 |
WP
ASCII |
03/29/99
Fair Credit Reporting Act |
Advisory Letter 99-3 |
WP ASCII |
7/30/98
FFIEC Guidance on Electronic Financial
Services and Consumer Compliance
|
OCC
98-31 |
WP
ASCII |
FFIEC
Guidance |
PDF |
Compliance
Issues Involving Electronic Services |
PDF |
5/12/98
Branch Names (multiple trade names) |
OCC
98-22 |
WP
ASCII |
Interagency
Statement (Additional Guidance)
|
PDF |
Interpretive
Letter No. 881 |
PDF |
2/4/98
Technology Risk Management |
OCC
98-3 |
WP
ASCII |
11/19/97
Reporting Computer Related Crimes
|
Advisory
Letter 97-9 |
WP
ASCII |
9/10/96
Stored Value Card Systems--Information for
Bankers and Examiners
|
OCC
96-48 |
WP
ASCII |
2/24/94
Nondeposit Investment Sales Examination
Procedures |
OCC
94-13 |
WP
PDF |
Joint
Agency
Interpretation |
WP ASCII |
7/24/91
Social Security Numbers As Personal
Identification Numbers |
Advisory
Letter 91-4 |
WP
PDF |