Skip Header

Federal Deposit
Insurance Corporation

Each depositor insured to at least $250,000 per insured bank

Home > Regulation & Examinations > Laws & Regulations > FDIC Federal Register Citations

FDIC Federal Register Citations

via email

From: SCaldwell
Sent: Monday, October 13, 2003 5:35 PM
To: Comments;;;
Subject: FIL comment

October 13, 2003
Public Information Room
Office of the Comptroller of the Currency
250 E Street, SW, Mailstop 1-5
Washington, DC 20219
ATTN: Docket No. 03-18
Jennifer J. Johnson
Board of Governors of the Federal Reserve System
20th Street and Constitution Avenue, NW
Washington, DC 20551
ATTN: Docket No. OP-115
Robert E. Feldman
Federal Deposit of Insurance Corporation
550 17th Street, NW
Washington, DC 20429
Regulation Comments
Chief Counsel's Office
Office of Thrift Supervision
1700 G Street, NW
Washington, DC 20552
ATTN: Docket No. 03-35

Re: Proposed Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice

Dear Sirs or Madams:

This comment is submitted on behalf of Beal Bank in response to the Notice and Request for Comment issued by the Federal Deposit Insurance Corporation, Federal Reserve Board, Office of the Comptroller of the Currency and Office of Thrift Supervision (collectively, "the Agencies") regarding the "Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice" ("Proposed Guidance").

The proposed guidance fulfills a requirement in section 501 (b) of the Gramm-Leach-Bliley Act and the Interagency Guidelines Establishing Standards for Safeguarding Customer Information and describes the Agencies' expectations regarding the response programs that a financial institution should develop to protect against and address reasonably foreseeable risks associated with internal and external threats to the security of customer information maintained by the financial institutions or its service provider.

The Proposed Guidance states that "when a checking, savings, or other deposit account number, debit, or credit card account number, personal identification number [PIN], password, or other unique identifier has been accessed or misused, the financial institution should secure the account, and all other accounts and bank services that can be accessed using the same account number or name and password combination until such time as the financial institution and the customer agree on a course of action." Given the Proposed Guidance's language, the exact meaning of "secure accounts," is not clear.

Does "secure the account" mean to close the account? Or does "secure" mean an action that blocks its use in all situations, such as a "freeze?" Although the bank is not opposed to securing the account, we suggest that accounts should only be closed when the risk of fraud is imminent and only after the customer has been notified. Requiring that all accounts be closed in all instances will place unnecessary burden on the customer with the time spent transferring account activity. We also suggest that accounts be "secured" at the discretion of the financial institution and the customer.

Clarification on this component of the response system would be greatly appreciated. If you have any questions regarding the matters discussed in this comment, please do not hesitate to contact us.

Thank you.

Molly Curl, SVP Compliance
Beal Bank - Plano, Texas

Last Updated 10/14/2003

Skip Footer back to content