These "new" regulations "to be issued" are scrambling to catch up with previous and current practices. It doesn't change things at all. When they issued the new export regulations in January, the glaring hole was the absence of an explicit exception for the financial industry. Under the customs that evolved around ITAR, you could get an export license for strong crypto as long as the overseas customer was a financial institution. This announcement is simply a public acknowledgment that the BXA will look favorably on export requests to banks and that someday they'll try to draft specific regulations on the subject. Meanwhile you do it by grinding through the bureacracy. Export permission for strong crypto that only encrypts financial data is clearly a variant of this tradition. They already granted export permission for one vendor of such a system, so I'm not surprised they're planning to make up a regulation to cover it. Rick. smith@securecomputing.com