To use electronic means and facilities under this subpart, a Federal savings association's management must:
(a) Identify, assess, and mitigate potential risks and establish prudent internal controls; and
(b) Implement security measures designed to ensure secure operations. Such measures must be adequate to:
(1) Prevent unauthorized access to the savings association's records and its customers' records;
(2) Prevent financial fraud through the use of electronic means or facilities; and
(3) Comply with applicable security devices requirements of part 168 of this chapter.