|Title:||Office of the Comptroller of the Currency (OCC) – Electronic Banking Guidance|
Note: the OCC Electronic Banking Guidance covers a variety of documents of varying relevance to this study. This profile will summarise only the key tenets of these documents.
|Topic:||Good practices disseminated by the U.S. Office of the Comptroller of the Currency (OCC) on a variety of documents in connection with electronic banking.|
|Direct / indirect relevance||Direct. The text focuses on financial RM/RA practices in electronic banking, including a variety of subjects with regard to network/information security.|
|Scope:||The documents contain a number of recommendations and good practices with regard to common risks for e-banking services. The guidance is specifically targeted towards U.S. banking institutions, given the OCC’s status as a bureau of the U.S. Department of the Treasury (albeit with an office in London to supervise the international activities of these U.S. banks).|
|Legal force:||Not legally binding to non-U.S. banks|
|Affected sectors:||Electronic banking institutions.|
|Relevant provision(s):||The OCC Electronic Banking Guidance covers a variety of documents of varying relevance to this study, all of which can be accessed through http://www.occ.treas.gov/netbank/ebguide.htm.
Covered topics include:
• On-line identity theft, phishing mails and spoofed web sites
• Software licensing policies (specifically the use of free and open source (FOSS) software
• Customer authentication
• Electronic record keeping
• Wireless networking
• Web linking
• Third party service providers
• Privacy and safeguarding customer information
• Technology risk management
|Relevance to RM/RA:||The OCC acts as a supervisory authority to U.S. banks, but has no legal authority over European institution. None the less, given the global character of financial services, compliance with OCC Guidance documents is recommended.
It should be noted that most of the OCC Guidance documents are fairly high level, and should be indicative of the subject matter to be analysed and assessed by banking institutions, rather than serving as a yardstick to identify actual problems.