Final guidance on response programs


















The agencies recognize that not every financial institution currently has a response program that is consistent with the interpretive guidance. The agencies will take into account the good faith efforts made by each institution to develop a response program that is consistent with the interpretive guidance; however, any financial institution experiencing a breach in security that includes unauthorized access to customer information is expected to respond promptly in a manner consistent with the guidance and to provide customer notice, if warranted.

The interpretive guidance states that financial institutions should develop and implement a response program designed to address incidents of unauthorized access to sensitive customer information maintained by the financial institution or its service provider.

The interpretive guidance describes the appropriate elements of a financial institution's response program, including customer notification procedures. The guidance is effective immediately. Financial institutions should implement the guidance as soon as possible.

Financial Institution Letters FIL April 1, Final Guidance on Response Programs

Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice

The Federal Financial Institutions Examination Council (FFIEC) agencies are issuing the attached interpretive guidance stating that every financial institution should develop and implement a response program designed to address incidents of unauthorized access to sensitive customer information maintained by the financial institution or its service provider.

The notice should include the following items: a description of the incident; the type of information subject to unauthorized access; the measures taken by the institution to protect customers from further unauthorized access; a telephone number customers can call for information and assistance; and a reminder to customers to remain vigilant over the next twelve to twenty-four months and to report suspected identity theft incidents to the institution.

Michael J.

The Guidance identifies actions that will be considered strong evidence of compliance with Title VI obligations. Failure to provide written translations under these cited circumstances does not mean that the recipient is in noncompliance. Rather, the "safe harbors" provide a starting point for recipients to consider:

When HUD conducts a review or investigation, it will look at the total services the recipient provides, rather than a few isolated instances.

Question: Is the recipient expected to provide any language assistance to persons in a language group when fewer than 5 percent of the eligible population and fewer than 50 in number are members of the language group?

Question: Are there "safe harbors" provided for oral interpretation services? Sandoval [ S.

Question: What are the obligations of HUD recipients if they operate in jurisdictions in which English has been declared the official language?

Who are limited English proficient (LEP) persons? What is expected of recipients under the Guidance? What is the four-factor analysis? What are examples of language assistance?

What is a vital document? How may a recipient determine the language service needs of a beneficiary? How may a recipient's limited resources be supplemented to provide the necessary LEP services? May recipients rely upon family members or friends of the LEP person as interpreters?

Are leases, rental agreements and other housing documents of a legal nature enforceable in U. What is a "safe harbor"?

When evaluating the adequacy of a national bank's information security program required by the Security Guidelines, the OCC will consider whether the bank has developed and implemented a response program including notification procedures as described in the guidance.

The OCC will take into account the good faith efforts made by each bank to develop a response program that is consistent with the guidance, together with all other relevant circumstances.

The OCC may treat a bank's failure to implement the final guidance as a violation of the Security Guidelines that are enforceable under the procedures set forth in 12 USC p-1, or as an unsafe and unsound practice under 12 USC

Office of the Comptroller of the Currency.
