10 Regulatory Requirements & Issues with E-Banking
Do you know about the significant changes impacting electronic payments in 2022 and beyond? Keep reading to learn more about the 10 regulatory requirements & issues with e-banking.

“When you have online technology, it does bring up some risk.” Compliance expert Susan Costonis recently reviewed the 10 risk factors of e-banking (electronic banking) in her webinar, Opening Accounts Online: CIP, CDD, Documentation & More. Below are the 10 regulatory requirements and issues your financial institution should consider when offering online banking services.

  1. BSA (Bank Secrecy Act) and CIP (Customer Identification Program). Verify the true identity of the deposit customer and create a RISK profile based on the increased risks of online bank account opening. Susan commented, “You have to have a risk profile, and based on the risk profile, you take appropriate action.”
  2. Disclosures – accuracy, completeness, and delivery. Deliver accurate account disclosures. Confirm that all E-SIGN consent steps have been completed. There are SIX steps for consent. “Disclosures you would have given on paper in person, you would also do electronically, but with the added step of looking at 6 steps of e-sign compliance.”
  3. Regulatory Oversight (UDAAP – Unfair, Deceptive, Abusive Acts and Practices). Confirm that all advertising and account information was provided, that the consumer was advised of all fees, and that an informed decision was made in the consumer’s best interest. Susan stressed that “You’ve got to cross all the T’s and dot the I’s on advertising…leaving out even simple stuff like what it will cost to get paper instead of electronic statements is something that could cause you issues with UDAAP.”
  4. Advertising. Review requirements for advertising, especially Truth in Savings, for triggering terms and required model language. “Make sure all of the required language is in there, especially if you have some triggering terms.”
  5. Privacy – information sharing practices. Provide actual practices and opt-out options. 
  6. Technology – changes in sending and receiving electronic disclosures and information. Monitor software and hardware requirements. Implement audit and internal control procedures. 
  7. Cybersecurity – identity theft and elder abuse. Exercise due diligence for “out-of-wallet” questions to detect fraud and identity theft. Be alert to the potential for abuse of older customers; provide resources for identity theft reporting and resources for seniors.
  8. Policies and procedures. Have all policies and procedures been updated to reflect the risks of online account opening, the revised CIP and CDD procedures for BSA compliance, and updates to required risk assessments (BSA, identity theft red flags, OFAC, audit, deposit compliance)? “Make sure they are updated and approved by your board.”
  9. Social media – restrictions on employees' use of social media in the workplace. A social media policy is required so employees understand that “personal” is “public” and that there are restrictions against “advertising” services that an employee can offer or how complaints may be handled. Susan questioned, “Do your employees know they cannot advertise on their own personal Facebook page to come open a CD because they want to meet their marketing goal?” She also included a social media policy template in the webinar’s Take-Away Toolkit.
  10. Complaints. It is a best practice and regulatory expectation to have a complaint policy and procedures. Complaints can be sent to social media and must be reviewed. Check YOUR regulators’ resources and exam procedures for expectations about handling complaints.

To gain more insights from Susan, visit her page to access upcoming and on-demand webinars.