Skip Header

Federal Deposit
Insurance Corporation

Each depositor insured to at least $250,000 per insured bank

FDIC Law, Regulations, Related Acts

[Table of Contents] [Previous Page] [Next Page] [Search]

2000 - Rules and Regulations


Subpart A Security Procedures


391.1 Authority, purpose, and scope.
391.2 Designation of security officer.
391.3 Security program.
391.4 Report.
391.5 Protection of customer information.

Subpart B—E [Reserved]

Authority:12 U.S.C. 1819 (Tenth). Subpart A also issued under 12 U.S.C. 1462a; 1463; 1464; 1828; 1831p-1; 1881--1884; 15 U.S.C. 1681w; 15 U.S.C. 6801; 6805. Subpart C also issued under 12 U.S.C. 1462a; 1463; 1464; 1828; 1831p-1; and 1881- 1884; 15 U.S.C. 1681m; 1681w. Subpart D also issued under 12 U.S.C. 1462; 1462a; 1463; 1464; 42 U.S.C. 4012a; 4104a; 4104b; 4106; 4128. Subpart E also issued under 12 U.S.C. 1467a; 1468; 1817; 1831i.

SOURCE:  The provisions of this Part 391, appear at 76 Fed. Reg. 478411, August 5, 2011, effective July 22, 2011.

Subpart A—Security Procedures

§ 391.1 Authority, purpose, and scope.

(a)  This subpart is issued by the Federal Deposit Insurance Corporation (FDIC) under section 3 of the Bank Protection Act of 1968 (12 U.S.C 1828), and sections 501 and 505(b)(1) of the Gramm-Leach-Bliley Act (15 U.S.C. 6801 and 6805(b)(1)), and section 628 of the Fair Credit Reporting Act (15 U.S.C. 1681w). This subpart is applicable to State savings associations. It requires each State savings association to adopt appropriate security procedures to discourage robberies, burglaries, and larcenies and to assist in the identification and prosecution of persons who commit such acts. Section 391.5 is applicable to State savings associations and their subsidiaries (except brokers, dealers, persons providing insurance, investment companies, and investment advisers). Section 391.5 requires covered institutions to establish and implement appropriate administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer information.

(b)  It is the responsibility of a State savings association's board of directors to comply with this regulation and ensure that a written security program for the State savings association's main office and branches is developed and implemented.

[Codified to 12 C.F.R. § 391.1]

§ 391.2  Designation of security officer.

Within 30 days after the effective date of insurance of accounts, the board of directors of each State savings association shall designate a security officer who shall have the authority, subject to the approval of the board of directors, to develop, within a reasonable time but no later than 180 days, and to administer a written security program for each of the State savings association's offices.

[Codified to 12 C.F.R. § 391.2]

§ 391.3 Security program.

(a)  Contents of security program. The security program shall:

(1)  Establish procedures for opening and closing for business and for the safekeeping of all currency, negotiable securities, and similar valuables at all times;

(2)  Establish procedures that will assist in identifying persons committing crimes against the State savings association and that will preserve evidence that may aid in their identification and prosecution. Such procedures may include, but are not limited to:

(i)  Maintaining a camera that records activity in the office;

(ii)  Using identification devices, such as prerecorded serial-numbered bills, or chemical and electronic devices; and

(iii)  Retaining a record of any robbery, burglary, or larceny committed against the State savings association;

(3)  Provide for initial and periodic training of officers and employees in their responsibilities under the security program and in proper employee conduct during and after a burglary, robbery, or larceny; and

(4)  Provide for selecting, testing, operating and maintaining appropriate security devices, as specified in paragraph (b) of this section.

(b)  Security devices. Each State savings association shall have, at a minimum, the following security devices:

(1)  A means of protecting cash and other liquid assets, such as a vault, safe, or other secure space;

(2)  A lighting system for illuminating, during the hours of darkness, the area around the vault, if the vault is visible from outside the office;

(3)  Tamper-resistant locks on exterior doors and exterior windows that may be opened;

(4)  An alarm system or other appropriate device for promptly notifying the nearest responsible law enforcement officers of an attempted or perpetrated robbery or burglary; and

(5)  Such other devices as the security officer determines to be appropriate, taking into consideration:

(i)  The incidence of crimes against financial institutions in the area;

(ii)  The amount of currency and other valuables exposed to robbery, burglary, or larceny;

(iii)  The distance of the office from the nearest responsible law enforcement officers;

(iv)  The cost of the security devices;

(v)  Other security measures in effect at the office; and

(vi)  The physical characteristics of the structure of the office and its surroundings.

[Codified to 12 C.F.R. § 391.3]

§ 391.4  Report.

The security officer for each State savings association shall report at least annually to the State savings association's board of directors on the implementation, administration, and effectiveness of the security program.

[Codified to 12 C.F.R. § 391.4]

§ 391.5  Protection of customer information.

State savings associations and their subsidiaries (except brokers, dealers, persons providing insurance, investment companies, and investment advisers) must comply with the Interagency Guidelines Establishing Information Security Standards set forth in appendix B to subpart B. Supplement A to appendix B to subpart B provides interpretive guidance.

[Codified to 12 C.F.R. § 391.5]

Subpart B—E [Reserved]

[Table of Contents] [Previous Page] [Next Page] [Search]

Last Updated October 30, 2015
Skip Footer back to content