Booklet: E-Banking Section: Appendix A: Examination Procedures Subsection: Discussion Points for Examiners

Previous Subsection Table of Contents Next Subsection

Financial institutions frequently contact examiners seeking guidance on things to consider when they plan to offer or expand e-banking services. The following discussion points are offered as a guide to assist examiners when discussing e-banking plans and strategies with institution management.

Strategic Plans — Decisions on e-banking should be consistent with the financial institution’s strategic and operating business plans. Any decision to offer or expand e-banking services should consider customer demand for the services, competitive issues, and the risks in the technology. The institution should periodically evaluate the success of its e-banking strategy and make changes as appropriate.

Impact on Earnings and Capital — Financial institution management should have realistic projections of the expected impact of e-banking on earnings and capital. If management projects a significant impact then profitability plans should address pricing and marketing expenses. If management projects rapid growth in loans or deposits, then plans should address the impact on liquidity, asset quality, and capital adequacy.

E-Banking Software and Service Provider Selection — Financial institutions should provide an appropriate level of due diligence in selecting third-party providers or developing systems in-house. User departments should be involved in the selection process since they will work with the system on a daily basis once it is operational.

Security — Financial institution management should understand security issues associated with e-banking. Security issues include customer verification and authentication, data confidentiality and integrity, and intrusion prevention and detection. Management should measure the effectiveness of security controls.

Internal Controls and Audit — The institution’s board and management should ensure that internal control and audit processes are adequate to enable the identification, measurement, and monitoring of the risks associated with e-banking. Management should attempt to quantify increased expenses and losses due to internal control-related weaknesses and fraud.

Legal Requirements — Management should research and understand various legal requirements, including compliance issues, as part of the e-banking decision process. Many legal issues are evolving and will require management to monitor developments.

Vendor Management — Research of outsourcing arrangements should include consideration of potential vendors’ financial condition, reputation and expertise, years in business, history of service interruptions and recoveries, and future business plans. Selection should also consider the ability to agree on a contract that clearly defines responsibility for maintaining and sharing information and any resulting liability for its unauthorized use or disclosure.

Business Continuity Planning — Whether provided by the financial institution or a third party, management should plan for recovery of critical e-banking technology and business functions and develop alternate operating processes for use during service disruptions.

Insurance — A review of insurance coverage may be in order to determine if existing policies specifically cover or exclude activities conducted over open networks like the Internet.

Expertise — The financial institution should ensure it has the proper level of expertise to make business decisions regarding e-banking and network security. The board of directors and senior management may need to enhance their understanding of technology issues. If such expertise is not available in-house, the institution should consider engaging outside expertise.

Previous Subsection Table of Contents Next Subsection           Home IT Booklets Glossary Resources Presentations