The Federal Deposit Insurance Corp. has become the first federal banking regulator to issue safety and soundness examination procedures for electronic banking.
Thursday, the FDIC began mailing copies of its new requirements to its 2,000 examiners, who will begin training Feb. 10. By May, the 6,395 state banks that do not belong to the Federal Reserve System will begin to be evaluated under the new guidelines.
The Federal Reserve Board and the Office of the Comptroller of the Currency are currently developing their own electronic banking guidelines for state member banks and national banks, respectively.
The FDIC broadly defines electronic banking to include screen-phone systems, Internet banking, stored-value cards, and other technologies.
In general, the FDIC wants to ensure that bank management has controls to protect the security of computer systems and the privacy of financial and customer information, said Cynthia A. Bonnette, an FDIC examiner who oversaw development of the guidelines.
Electronic banking activity has been growing, she said. Today about 700 banks and thrifts have presences on the Internet, with 16 conducting financial transactions on-line. That number is estimated to reach 30 in the next several months and 500 within a decade, Ms. Bonnette said.
The new guidelines oversee nontechnological areas of electronic services, such as a bank's strategic plans, operating procedures, auditing controls, and contracts with outside vendors. Later this year, the agency will issue requirements for the technological aspects of electronic banking systems.
The depth of review has been divided into three levels: Level 1 includes information-only systems, such as a Web page used for advertising; level 2 involves the transfer of information, such as signing up on-line for a loan; and level 3 applies to systems that permit payment transactions.
Examiners will ask questions such as: Are Web sites periodically checked for accuracy and content to make sure hackers have not changed them? Has the bank established rules for access to confidential information by employees and outside vendors? How does the bank verify the identity of someone requesting an account transaction?
Bankers have been yearning for guidance from regulators on electronic banking, according to consultants.
"This is going to be a lot of help for the banks," particularly for community banks that don't have technology and risk experts, said Diane M. Casey, national director of financial services for Grant Thornton LLP.
However, the industry opposes premature restrictions that could let nonbank competitors pass them by.
"My sense was that was exactly the position the FDIC was coming from," said Thomas P. Vartanian, a lawyer at Fried, Frank, Harris, Shriver & Jacobson. "Like everybody else, they don't know where this market is going."
