A Cybersavvy Resource
Fletcher, Charlie, Independent Banker
The OCC's new handbook is a nutshell of online system security information
Internet banking remains a hot topic for bank examiners, and it promises to get still hotter as ever more banks take their services onto the World Wide Web. According the OCC, more than 500 national banks now have Web sites where transactional banking can take place.
But while the Internet provides banks the ability to give customers unprecedented levels of convenient products and services, it also creates new opportunities for banking risks. A recent report from the General Accounting Office is warning that banks-especially smaller banks-might be jumping onto the Internet too quickly.
"Examiners were concerned that some smaller institutions were implementing Internet banking systems before they had established operating policies and procedures, and that bank management had to be reminded that operating policies and procedures were not optional," states the GAO report, "Electronic Banking: Enhancing Federal Oversight of Internet Banking Activities."
Responding to the need for leadership in this area, the OCC issued a new section of its Comptroller's Handbook outlining procedures for evaluating Internet banking activities in national banks. The OCC's new examination handbook on Internet banking is designed to provide bankers and examiners with guidance on identifying and controlling the risks associated with Internet banking.
But Clifford Wilke, director of bank technology at the OCC, emphasizes that although Internet banking will be regulated the same as banking in a physical branch, the OCC also does not want to unduly hinder technological improvements in the industry. "We want to provide guidance on best practices," he says. "However, we do not want stifle new industries starting out, or make the playing field unlevel for banks or other institutions."
The most important thing to remember when considering Internet banking is that it doesn't redefine banking; it is just another way to deliver products and services. "We want our banks to use the same procedures for Internet banking as they would in any new endeavor-the same due dillgence, the same way of looking at safety and soundness," Wilke explains.
Although the OCC's guidebook tries to be thorough, Wilke says it would be a mistake to believe it covers every issue for bankers. "We wanted to have a comprehensive guide to Internet banking as it sits today. Probably five years from now, there will be revisions to it. It's a starting point because the industry itself is at a starting point-."
Taking a Broad View
The OCC's new handbook outlines both business and technical issues that surround the process of providing bank products and services through the Internet. In addition to detailing examination procedures, the publication also outlines the risks unique to online banking.
Under the handbook procedures, your bank's examination will include a new two-part evaluation to assess the quantity and quality of its risk management procedures for its Internet banking operation. In evaluating the quantity of risk in your bank's Internet operation, examiners look at what products and services a bank offers on the Internet and how it complies with banking laws. Examiners then judge the quality of your Internet banking risk management strategy.
Briefly, the risk-quality assessment of the exam now covers three broad areas:
* policies and strategic planning;
* processes, such as passwords, virus detection, and firewalls; and
* controls, such as software distribution and auditing.
Examinations will vary from one bank to another, depending on how involved each bank's online banking operation is. Wilke points out that the Internet can create potentially vulnerable conditions for banks, and they must have a plan to deal with them.
One obvious area of concern for regulators is computer hackers. …