The agreement, included in a Tuesday regulatory filing by the $707 million-asset company, said the OCC "found unsafe or unsound" practices tied to IT security and controls and IT risk governance.
As a result, the bank must ensure that it has “competent management in place,” including its CEO, chief operating officer, chief technology officer and information security officer.
Lake Shore is required to develop, adopt and implement a written program to effectively assess and manage IT activities. The plan is subject to review and feedback from the OCC.
The bank must also develop and implement programs for information security and ACH management.
Lake Shore said its bank is required to create a committee to monitor and oversee compliance with the agreement and submit quarterly reports to its board and the OCC.
OCC approval will also be required anytime the bank wants to change directors and executive officers.
The company said its management and board “are committed to promptly addressing the action items included in the agreement.”
Lake Shore disclosed in March that someone gained unauthorized access to data in its internal systems. The company said that its bank experienced a data security incident in November that barred employees from accessing internal systems and data for “a limited period of time.”
The bank launched an investigation and hired a digital forensics firm to help determine the scope of the incident and identify potentially impacted data. Lake Shore also notified law enforcement and the OCC.