Western Independent Banker - January/February 2008 - (Page 15)
By Angela Shoemaker

all rules and regulations that apply in your physical location also apply on the Internet. However, as mentioned by the FFIEC in their E-Banking Booklet—dated August 2003, there are several other regulatory and legal challenges such as:

• Uncertainty over legal jurisdictions and which state’s or country’s laws govern a specific e-banking transaction.
• Delivery of the required credit and deposit related disclosures.
• Record retention for on-line advertising, applications, disclosures and notices.
• Establishment of legally binding electronic agreements.

In order to help identify and manage the various compliance and legal risks, institutions should involve their compliance officers and legal counsel in the initial risk assessment and implementation processes for the establishment of Internet banking activities. Depending on the types of services offered, applicable regulations might include:

• State and federal privacy regulations
• State breach notification requirements
• GLBA Information Security Requirements
• Computer fraud statutes
• Consumer protection regulations (e.g. Regulations Z, B, E, and DD)
• The Bank Secrecy Act
• The U.S. Patriot Act
• OFAC (Office of Foreign Asset Control)
• The CAN SPAM Act (Controlling the Assault of Non-Solicited Pornography and Marketing Act—2003)
• UCC (Uniform Commercial Code)
• NACHA Rules
• FCRA (Fair Credit Reporting Act)
• FACT Act (The Fair and Accurate Credit Transactions Act - 2003, ID Theft Red Flags)
• E-Sign (The Electronic Signatures in Global and National Commerce Act 2000)
• UETA (Uniform Electronic Transaction Act - 1999)
• Proposed Reg GG (Prohibition on Funding of Unlawful Internet Gambling)

Want to Learn More?

The following list of resources can assist institutions in compliance risk management on the Internet.

The Federal Financial Institutions Examination Council (FFIEC) IT Examination Handbooks
• http://www.ffiec.gov/ffiecinfobase/html_pages/it_01.html

The Federal Trade Commission has very good resources on Internet advertising, the prevention of identity theft, and compliance with the Children’s Online Privacy Protection Act (COPPA).
• http://www.ftc.gov/bcp/edu/microsites/idtheft/
• http://www.ftc.gov/bcp/conline/edcams/kidzprivacy/index.html

Several federal and state regulators (NCUA, FDIC, OCC) have specific sections of their Web sites devoted to Internet banking and e-commerce related topics.
• FDIC’s Financial Institution Letters on E-Banking http://www.fdic.gov/regulations/information/fils/index.html
• NCUA Guidance on Information Systems and Technology http://www.ncua.gov/IST/index.htm
• Office of the Comptroller of the Currency http://www.occ.treas.gov/netbank/netbank.htm

Numerous trade association and commercial resources are also available to assist institutions in establishing Internet-related services.

Institution Risk Management Processes

Financial institutions that offer Internet banking services should expand their information security programs to address online services. An institution’s risk management processes for Internet banking services may also include:

• Comprehensive Internet banking policy and daily operating procedures for granting online account access, account reconciliations, and review of daily system reports.
• Compliance and/or legal review of all Internet disclosures, forms, and customer agreements. Institutions will need to ensure consistency of online disclosures with disclosures provided off-line.
• Review of Web site advertising and control processes for making Web site changes.
• Establishment of record retention requirements for various system generated reports, emails, and advertisements displayed on Web sites.
• Back-up copies of Web sites and/or system related software (if applicable).
• Annual internal audits and compliance reviews to review adherence to policy guidelines.
• Periodic reporting to the board of directors or executive management on system availability and customer adoption rates.

Continued new legislation and the lack of clear guidance in some areas can make compliance on the Internet challenging. Financial institution compliance officers and their service providers must remain ever-vigilant to stay apprised of the evolving regulatory environment and risks associated with Internet banking.

Angela Shoemaker is financial institution compliance manager for FundsXpress Financial Network, Inc. in Austin, Tex. She can be reached at 1-800-419-8804 ext. 2563 or angela.shoemaker@fxfn.com.