Smart Devices & Their Future Cousins Require Smart Decisions
As Technology Breeds Unthinkable Ways of Transacting Business, Risks from Well Established Methods and Continuously Emerging Ones Still Lurk
By Lori Moore, CRCM, Director of Compliance

Thirty years ago, the ATM, was the latest innovation that allowed banks to offer the convenience of 24/7 account access at multiple locations throughout the country. The concept was forging a path to unchartered territories and was the first step of many that ultimately revolutionized banking.  

It took a few adventuresome institutions willing to risk the unknown and a demographic of young consumers who loved the ATM’s novelty and convenience to make it a viable reality. More risk-averse institutions soon joined in so as not to lose existing or potential customers to the pioneers, and older consumers came to trust the ATM as they saw it proliferate into the mainstream.    
 




GLBA Today - Does Your Information Security Program Still Comply?

In response to the requirements set forth by the Gramm-Leach-Bliley Act (GLBA) of 1999, the Interagency Guidelines Establishing Information Security Standards were jointly issued and codified by each federal banking agency. As a result, each financial institution is required to develop a comprehensive risk-based information security program that includes administrative, technical, and physical safeguards which address and mitigate the various security risks within your entire organization. Designed in accordance with the Interagency Guidelines as well as related guidance issued by the FFIEC, this webinar features revised content and focuses on the required program components and the ongoing process of risk assessment and management.

Speaker: 

Lori Moore, CRCM 
Director of Compliance
ATTUS Technologies

2/22/2011 3:00PM to 4:00PM ET





Question: The definition of a PEP is very broad. The list was not developed using a risk-based approach. What are some of the risk-based criteria that can be used to evaluate a person who appears on the List?

Answer:  
A PEP or “politically exposed person” is defined to include a current or former senior foreign political figure, their immediate family, and their close associates. Although lists that identify known PEPs are available, as you have correctly noted, the term is broadly defined to include family members and close associates, which makes it almost impossible to compile a list that is all inclusive. Therefore, checking available lists can be an effective tool and is a very good first step to take in your process. Enhanced due diligence should also be conducted to help identify PEPs and to assess the risk of the relationship as well. 

When determining whether an individual is a PEP or not, you should consider factors such as the official responsibilities of the individual’s office, nature of the title, level and nature of authority or influence over government activities or other officials, and access to significant government assets or funds. Additional factors include source of income, financial information, and professional background.

To assess the risk of the relationship, consideration should be given to the PEP’s geographic location, industry or sector, position, and level or nature of influence or authority. The purpose of the account, the actual or anticipated activity, products and services used, and size or complexity of the account relationship should also be considered when evaluating the associated risk. It’s important to remember that identifying a customer as a PEP doesn’t necessarily mean it is a high-risk account. This must be evaluated on a case-by-case basis. 

For additional information, you can refer to FDIC FIL-6-2001 - "Guidance on Enhanced Scrutiny for Transactions that may Involve the Proceeds of Foreign Official Corruption"

Got a question on a tricky regulation? We want to hear from you.  Submit your question and an expert will answer it in a future issue.



New Age of Mobile Malware on Way
Designed to exploit the unique features of mobile handsets 
George Hulme, InformationWeek.com

People carry their mobile handsets everywhere. And they're increasingly using their smartphones as the portals into their lives: GPS navigation, social networking, camera, and staying in touch via e-mail and, sometimes, even phone calls.

Such as the Geinimi Trojan, we covered in December, that was targeting Android phones. Or the virus that infected 1 million cell phones in China, and would automatically send text messages. There have been many others, including proof-of-concept viruses and bogus applications aimed at app stores.

Recently researchers at the City University of Hong Kong and Indiana University decided to see what malware they could develop that would take advantage of some of the capabilities specific to mobile handsets. 

Final Rule: Cuban Assets Control Regulations
OFAC, edocket.access.gpo.gov

Effective January 28, 2011, OFAC amended the Cuban Assets Control Regulations to continue efforts to reach out to the Cuban people in support of their desire to freely determine their country’s future.

These amendments implement policy changes designed to increase people-to-people contact, support civil society in Cuba, enhance the free flow of information to, from, and among the Cuban people, and help promote their independence from Cuban authorities. For more info...



Three Times You Have to Speak Up
"Should I speak up?" versus "When should I speak up?"
Nilofer Merchant, HarvardBusinesReview.com

It was said of Abbot Agatho that for three years he carried a stone in his mouth until he learned to be silent. 

I was thinking about that story by Thomas Merton during a recent board meeting. The CEO and CFO were marching through their 112-slide presentation. Recent market updates, a technical deconstruction of various trends, then product frameworks — all in quick succession.

One board member sighed deeply. Another glanced surreptitiously down at the BlackBerry in his lap, perhaps thinking no one would notice. Some of the other people at the table were staring out the window at the grey day. It was not a highly engaged moment — but it was an all-too familiar one.