(a) This subpart is issued by the Federal Deposit Insurance Corporation (FDIC) under section 3 of the Bank Protection Act of 1968 (12 U.S.C 1828), and sections 501 and 505(b)(1) of the Gramm-Leach-Bliley Act (15 U.S.C. 6801 and 6805(b)(1)), and section 628 of the Fair Credit Reporting Act (15 U.S.C. 1681w). This subpart is applicable to State savings associations. It requires each State savings association to adopt appropriate security procedures to discourage robberies, burglaries, and larcenies and to assist in the identification and prosecution of persons who commit such acts. Section 391.5 is applicable to State savings associations and their subsidiaries (except brokers, dealers, persons providing insurance, investment companies, and investment advisers). Section 391.5 requires covered institutions to establish and implement appropriate administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer information.
(b) It is the responsibility of a State savings association's board of directors to comply with this regulation and ensure that a written security program for the State savings association's main office and branches is developed and implemented.