The OCC today issued a bulletin for community banks on the legal requirements for protecting non-public OCC information in video teleconferencing services. Banks and other parties in possession of such information—such as supervisory correspondence and investigatory files—are prohibited from disclosure without the agency’s prior approval, except in very limited circumstances, according to the OCC. The agency listed several security expectations for any videoconference in which non-public OCC information will be communicated. They include using an encrypted connection, moderating the meetings, making no recordings or transcriptions, and ensuring the videoconference service is securely configured and routinely patched to protect against cyber intrusion.
OSHA releases framework for investigating retaliation for BSA, sanctions whistleblowing
Interim final rule establishes procedures for investigating complaints of employer retaliation for reporting possible violations of the Bank Secrecy Act and sanctions laws. It does not apply to bank employees.