Internet Banking News
June 27, 1999
1) The FFIEC Internet guidelines cover the Electronic Fund Transfer Act
and Regulation E as it applies to Internet sites where debits or credits of a consumer's
account are permitted. Some points of interest:
1) Regulation E disclosures apply at the time a consumer contracts for an electronic fund
transfer service or before the first electronic fund transfer is made involving the
2) The disclosures must be clear and readily understandable, in writing, and in a form the
consumer may keep.
3) An interim rule was written that allows depository institutions to satisfy the
requirement to deliver by electronic communication any of these disclosures and other
information required by the act and regulations, as long as the consumer agrees to such
method of delivery.
When your customer applies for banking services on-line and before the request is
electronically sent to the bank's server, a web page should appear that gives the customer
the option of 1) viewing the disclosure or 2) printing the disclosure, but in either case,
this web page should state that the disclosures will be mailed to the applicant when
received by the bank.
2) Does your Internet policy cover how e-mail received is to be handled? This is no
different than letters received by the bank. E-mail should be reviewed every day, even
when someone is on vacation. For example, an employee receives an unsolicited e-mail with
an application for a real estate loan. The employee that received the e-mail application
delivers the e-mail to the appropriate department. Improper handling of a real estate loan
application, whether or not solicited, will create compliance problems.
3) FDIC is encouraging banks to put a Year 2000 link on their home page to "What
Bankers Should Know." The URL is http://www.fdic.gov/about/y2k/bank/.
I HAVE STARTED A NEW SERVICE - The examiners are requiring
the bank's Board of Directors to perform due diligence when selecting an Internet Service
Provider (ISP) to handle the bank's Internet transactional banking and annually to ensure
security of customer information. At issue is the ISP's financial condition,
contract, management, firewalls, overall security, and penetration testing.
The above information should be on file at your bank. I will review this information
and issue a written report to the Board of Directors regarding my findings. The
Electronic Banking Report will not be written in technical terminology, but will be in
layman terms so that it is understandable.
Please contact me if I can perform your due diligence regarding Internet security.