Guidelines for Customer Information Security
February 12, 2001
Circular No. 11322

To the Chief Executive Officers of All State Member Banks, Bank Holding Companies, Edge Corporations, and Branches and Agencies of Foreign Banks in the Second Federal Reserve District:

The federal bank and thrift regulatory agencies announced, in a press release dated January 17, 2001, the adoption of joint guidelines for safeguarding confidential customer information. Interagency standards for customer information security were proposed in June 2000 (see Circular No. 11255).

The guidelines require financial institutions to establish information security programs to identify, assess, and manage the risks that may threaten customer information. They also outline specific security measures that should be considered in implementing the security programs.

In addition, financial institutions are required to oversee arrangements that are maintained by their service providers to protect the security of customer information.

The joint guidelines (pdf - 531kb), published as Part II of the Federal Register of February 1. Questions may be directed, at this Bank, to Janice Oser, Bank Supervision Officer, Legal and Compliance Risk Department.