ONLINE BANKING SECURITY INFORMATION
The Federal Financial Institutions Examination Council (FFIEC) recently issued new supervisory guidance designed to help make online transactions more secure. The new guidance is in response to an ever more dangerous online threat environment. Scams and hacking techniques are more sophisticated, new threats are continually being developed, and organized crime groups both in the United States and internationally have become a major force in expanding online fraud and theft.
Bank of Vernon and your Log-In Credentials
We will never call, email or otherwise contact you to request your access ID, password, or other log-in credentials for the online services we offer. If you receive such a request, do not provide any information.
REPORTING SUSPICIOUS ACTIVITY
If you see suspicious activity on your account(s) or have received a suspicious call, email, letter or other similar contact regarding your relationship to Bank of Vernon, call (205) 695-7141.
PROTECT YOURSELF BY CONTROLLING ONLINE RISKS
While online banking is safe, as a general rule you should always be careful about giving out your personal financial information over the Internet. Review the following tips to protect your personal information while using the Internet.
- Regularly log into your online accounts to verify that your bank, credit, and debit card statements and transactions are legitimate.
- Be suspicious of any e-mail with urgent requests for personal financial information.
- If you receive an unsolicited e-mail from any source asking you to click on a link to visit a site and input personal data, be very wary of it.
- Be cautious about opening any attachments or downloading any files from e-mails, regardless of who sent them.
- Instead of clicking on links in emails, type in the URL that you're familiar with, such as www.bankofvernon.com or select the Web address saved in your browser's "Favorites".
- If an offer sounds too good to be true, it probably is and should be avoided.
- If you have any doubts about the validity of an email, contact the sender using a telephone number you know to be genuine.
- Before you initiate an online transaction, make sure your personal information is protected by looking for indicators that the site is secure. URLs for secure sites typically begin with "https" instead of "http" and display a lock in the lower right corner of your browser.
- Use anti-virus software and keep it up-to-date.
- Make sure you have applied the latest security patches for your computer. Most software providers, like Microsoft, offer free security patches.
- If you have broad-band Internet access, such as cable modem or DSL, make sure that you have a firewall.
We take numerous steps to keep your account information secure. However, you must take precautions as well.
- Choose a good passcode - Your online passcode, along with your access ID, authenticate your identity when accessing online accounts. You should carefully select a passcode that is difficult to guess and not use personal information or a word that can be found in the dictionary.
- Keep your passcode safe - Even the best passcode is worthless if it's written on a note attached to your computer or kept in your checkbook. Memorize your passcode and never tell it to anyone.
- Change your passcode regularly - It's important to change your passcode regularly. Every time you choose a new passcode, our online banking system runs a quick program to test its safety. If we can guess it, we will immediately ask you to choose another one.
- Remember to log off properly - You may not always be at your own computer when banking online. Therefore, it's important to log off using the "log off" link at the top of each Internet banking page. If you forget to do so, the system automatically signs you off after 10 minutes of inactivity.
CONSUMER PROTECTION - REGULATION E
Regulation E provides rules for error resolution and unauthorized transactions for electronic fund transfers, which includes most transactions processed online. In addition, it establishes limits to your financial liability for unauthorized electronic fund transfers. These limits, however, are directly related to the timeliness of your detection and reporting of issues to Bank of Vernon. It is for this reason that we encourage you to immediately review periodic account statements and to regularly monitor your account activity online.
The "Electronic Fund Transfers" disclosure provided to you at the time of account opening provides detailed information. We will provide to you, upon request, a free printed copy of this disclosure.
Web Resources - Learn more and do more to protect yourself online!
Consumer Alerts and online security tips on the FTC website
Scams and Fraud and tips to avoid becoming a victim- Go to FBI website
Recent scams and how to report scams - Go to the IC3 website, a partnership of the FBI, the National White Collar Crime Center, and the Bureau of Justice:
ADDITIONAL INFORMATION FOR BUSINESS USERS OF ONLINE SERVICES
The new FFIEC Guidance takes note that business transactions, because of their frequency and dollar value, are inherently more risky than consumer transactions. The Guidance also notes the steep rise of online account takeovers and unauthorized online fund transfers related to business accounts in the last five years.
Recently, small- to medium-sized businesses have been primary targets as cyber criminals have recognized that the security controls they have in place are not as robust as that of larger businesses. Analysis indicates enhanced controls over administrative access and functions related to business accounts and layered security using multiple and independent controls would help to reduce these types of crime.
The FFIEC Guidance suggests enhanced controls for businesses:
Business customers should be encouraged to perform a periodic risk assessment and an evaluation of the effectiveness of the controls they have in place to minimize the risks of online transaction processing.
The protecting yourself by controlling online risks tips above provide a starting point for this process and the web resource links provide additional detailed information.
The FTC Business Center has a great deal of information for businesses at
Business customers should understand the security features of the software and websites they utilize and take advantage of these features. Segregation of duties-the process of separating duties so no one person can perform all steps of a transaction-is an example of a very important security feature.
Layered security options that may be available to business customers doing online transactions include transaction thresholds, out-of-band verification (such as telephone or email verifications), fraud detection and monitoring systems, and IP reputation-based services. The Guidance encourages establishing layered security processes.
First Vernon Bancshares, Inc.
Excessive Expenditures Policy
Dated: September 11, 2009
As a participant in the Capital Purchase Program (the "CPP") being administered by the United States Department of the Treasury ("Treasury"), First Vernon Bancshares, Inc. is adopting this Excessive Expenditures Policy (this "Policy") pursuant to the requirements of the American Recovery and Reinvestment Act of 2009, as implemented by the Interim Final Rule published June 15, 2009, by Treasury. Once this Policy has been adopted, a copy of this Policy will be provided to Treasury and Federal Reserve Bank of Atlanta and the text of this Policy will be posted on the Bank of Vernon's Internet website. Moreover, First Vernon Bancshares, Inc. will maintain this Policy during the remainder of its CPP participation, and, in the event the Board of Directors adopts any material amendment to this Policy, within 90 days of such amendment First Vernon Bancshares, Inc. will provide the amended policy to Treasury Federal Reserve Bank of Atlanta and will post the amended policy on the Bank of Vernon's Internet website.
It is the overall policy of First Vernon Bancshares, Inc. to prohibit excessive expenditures on any of the following to the extent such expenditures are not reasonable expenditures for staff development, reasonable performance incentives, or other similar reasonable measures conducted in the normal course of the First Vernon Bancshares, Inc. and Bank of Vernon's business operations:
ˇ Entertainment or events;
ˇ Office and facility renovations;
ˇ Aviation or other transportation services; and
ˇ Other similar items, activities, or events for which First Vernon Bancshares, Inc. and Bank of Vernon may reasonably anticipate incurring expenses, or reimbursing an employee for incurring expenses.
This Policy is not intended to apply to bona fide business development or marketing expenditures, provided that the expenditure in question does not involve the conferring of a significant benefit on any employee or group of employees of First Vernon Bancshares, Inc. and Bank of Vernon.
The following policies and procedures shall govern such expenditures.
II. Prohibited Expenditures
Expenditures for entertainment, events or sponsorship of events, office or facility renovations, aviation services or other transportation services, or other similar expenditures will be prohibited where First Vernon Bancshares, Inc. and Bank of Vernon have not documented its determination that such expenditure either (i) benefits current or prospective customers or other sources of new business or serves some other legitimate business development purpose, (ii) serves a bona fide staff development purpose or (iii) serves some other bona fide business purpose.
III. Expenditures Requiring Prior Approval
The following types or categories of expenditures require prior approval (in accordance with the procedures described in part IV below):
ˇ Entertainment, where the expenditure amount exceeds $25,000 per item, activity, or event or per employee receiving the item or participating in the activity or event;
ˇ Events or sponsorship of events, where the expenditure amount exceeds $25,000 per item, activity, or event or per employee receiving the item or participating in the activity or event;
ˇ Office or facility renovations, where the expenditure amount exceeds $250,000 per item, activity, or event or per employee receiving the item or participating in the activity or event;
ˇ Aviation services, where the expenditure amount exceeds $25,000 per item, activity, or event or per employee receiving the item or participating in the activity or event;
ˇ Other transportation services, where the expenditure amount exceeds $50,000 per item, activity, or event or per employee receiving the item or participating in the activity or event; and
ˇ Other similar expenditures, where the expenditure amount exceeds $50,000 per item, activity, or event or per employee receiving the item or participating in the activity or event.
IV. Approval Procedures
For expenditures requiring prior approval, such prior approval may be obtained by submitting a written request to the following person(s):
ˇ Where the amount of the proposed expenditure is less than $100,000, the written request must be approved by an appropriate superior holding the office of Vice President or higher with First Vernon Bancshares, Inc. and Bank of Vernon, as applicable.
ˇ Where the amount of the proposed expenditure is greater than or equal to $100,000 but less than $250,000, the written request must be approved by an appropriate superior who is an SEO (which generally includes the CEO, the CFO, and the three most highly compensated executive officers other than the CEO and CFO) or by an executive officer of a substantially similar level of responsibility with First Vernon Bancshares, Inc. and Bank of Vernon, as applicable.
ˇ Where the amount of the proposed expenditure is greater than or equal to $250,000, the written request must be approved by the Board of Directors of First Vernon Bancshares, Inc. and Bank of Vernon, as applicable.
V. CEO and CFO Certification of Certain Approvals
With respect to each expenditure requiring the prior approval of (i) any SEO (defined as the CEO; the CFO; the three most highly compensated executive officers other than the CEO and CFO who were serving as executive officers at the end of the last completed fiscal year; and up to two additional individuals who would qualify but for the fact that the individual was not serving as an executive officer at the end of the last completed fiscal year), (ii) any executive officer of a substantially similar level of responsibility, or (iii) First Vernon Bancshares, Inc.'s Board of Directors (or a committee of the Board), the CEO and the CFO will both certify in writing that the approval of such expenditure was properly obtained.
VI. Prompt Reporting of, and Accountability for, Violations
If any employee of First Vernon Bancshares, Inc. and Bank of Vernon becomes aware of a violation of this Policy, he or she must promptly report the violation to the Auditor. Upon receiving such a report, the Auditor must then conduct a discreet investigation, preliminary in nature, of the facts and circumstances giving rise to the allegation. If, after an appropriate investigation, the Auditor concludes there is a substantial likelihood that a violation has occurred, then the Auditor must submit to the Audit Committee of the Board of Directors a written report describing (i) the alleged violation, (ii) the Auditor's preliminary investigation into the allegation, and (iii) the reasons for the Auditor's conclusion that there is a substantial likelihood that a violation of this Policy has occurred. Upon receiving this written report, the Audit Committee will conduct a full inquiry into the facts and circumstances giving rise to the allegation.
If, after conducting a full inquiry into the facts and circumstances giving rise to the allegation, the Audit Committee determines that a violation of this Policy has occurred, the offending employee must be appropriately held accountable for the violation, in accordance with existing disciplinary policy.