Electronic Banking: Enhancing Federal Oversight of Internet Banking Activities
GGD-99-91
Published: Jul 06, 1999. Publicly Released: Aug 03, 1999.
Skip to Highlights
Highlights
Pursuant to a congressional request, GAO reviewed federal oversight of depository institutions' Internet banking activities, focusing on: (1) the risks posed by Internet banking and the extent of any industrywide Internet banking-related problems; (2) the methods used by regulators to track depository institutions' plans to provide Internet banking services; (3) how regulators examined Internet banking activities; and (4) the extent to which regulators examined firms providing Internet banking support services to depository institutions.
Recommendations
Matter for Congressional Consideration
| Matter | Status | Comments |
|---|---|---|
| Congress may wish to consider whether NCUA's authority to examine the performance of services provided to credit unions by third-party firms is needed to ensure the safety and soundness of credit unions and, thus, should be extended beyond December 31, 2001. | No action has been initiated. |
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Office of Thrift Supervision | To help regulators better understand the extent of risks posed by Internet banking and to more effectively evaluate examination methods and procedures, as more experience is gained in conducting examinations of Internet banking services, the heads of the banking regulatory agencies should share information on the problems depository institutions have had in operating Internet banking activities as well as which Internet banking examinations methods and procedures they find to be most efficient and effective. |
In commenting on a draft of this report, the Director of the Office of Thrift Supervision agreed with the recommendation. OTS has shared its Internet banking examination procedures with FFIEC's Information Systems Subcommittee. OTS is having ongoing discussions with the other FFIEC agencies, and is sharing its Internet banking examination findings with the other FFIEC agencies on an informal basis.
|
| Office of the Comptroller of the Currency | To help regulators better understand the extent of risks posed by Internet banking and to more effectively evaluate examination methods and procedures, as more experience is gained in conducting examinations of Internet banking services, the heads of the banking regulatory agencies should share information on the problems depository institutions have had in operating Internet banking activities as well as which Internet banking examinations methods and procedures they find to be most efficient and effective. |
Please call 202/512-6100 for information.
|
| Federal Deposit Insurance Corporation | To help regulators better understand the extent of risks posed by Internet banking and to more effectively evaluate examination methods and procedures, as more experience is gained in conducting examinations of Internet banking services, the heads of the banking regulatory agencies should share information on the problems depository institutions have had in operating Internet banking activities as well as which Internet banking examinations methods and procedures they find to be most efficient and effective. |
In commenting on a draft of this report, the FDIC agreed with the recommendation. FDIC has shared its Internet banking examination procedures with FFIEC's Information Systems Subcommittee. FDIC has also shared its Internet banking examination findings with the other FFIEC agencies on an informal basis.
|
| Federal Reserve System | To help regulators better understand the extent of risks posed by Internet banking and to more effectively evaluate examination methods and procedures, as more experience is gained in conducting examinations of Internet banking services, the heads of the banking regulatory agencies should share information on the problems depository institutions have had in operating Internet banking activities as well as which Internet banking examinations methods and procedures they find to be most efficient and effective. |
Please call 202/512-6100 for information.
|
| National Credit Union Administration | To help regulators better understand the extent of risks posed by Internet banking and to more effectively evaluate examination methods and procedures, as more experience is gained in conducting examinations of Internet banking services, the heads of the banking regulatory agencies should share information on the problems depository institutions have had in operating Internet banking activities as well as which Internet banking examinations methods and procedures they find to be most efficient and effective. |
In commenting on a draft of this report, the NCUA stated that the report effectively described the risks imposed by Internet Financial Services. NCUA participates in the FFIEC Information System Subcommittee that is updating the FFIEC Information System Examination Handbook to include procedures on examining Internet banking activities. NCUA also participates in an FFIEC ad hoc committee that conducts joint examinations of Internet banking vendors.
|
| Federal Financial Institutions Examination Council | To help regulators better understand the extent of risks posed by Internet banking and to more effectively evaluate examination methods and procedures, as more experience is gained in conducting examinations of Internet banking services, the heads of the banking regulatory agencies should share information on the problems depository institutions have had in operating Internet banking activities as well as which Internet banking examinations methods and procedures they find to be most efficient and effective. |
Please call 202/512-6100 for information.
|
| Office of the Comptroller of the Currency | The Comptroller of the Currency and the Chairmen of the Board of Governors of the FRS and NCUA should establish procedures to obtain centralized information on institutions' plans to offer Internet banking. They should use this information to: (1) enhance monitoring of technological trends and innovations and thus their ability to assess emerging security and compliance issues; (2) provide more timely and specific risk management guidance to individual depository institutions, as necessary; and (3) augment the information used to plan for the availability of examiners with appropriate information systems expertise. |
Please call 202/512-6100 for information.
|
| Federal Reserve System | The Comptroller of the Currency and the Chairmen of the Board of Governors of the FRS and NCUA should establish procedures to obtain centralized information on institutions' plans to offer Internet banking. They should use this information to: (1) enhance monitoring of technological trends and innovations and thus their ability to assess emerging security and compliance issues; (2) provide more timely and specific risk management guidance to individual depository institutions, as necessary; and (3) augment the information used to plan for the availability of examiners with appropriate information systems expertise. |
Please call 202/512-6100 for information.
|
| National Credit Union Administration | The Comptroller of the Currency and the Chairmen of the Board of Governors of the FRS and NCUA should establish procedures to obtain centralized information on institutions' plans to offer Internet banking. They should use this information to: (1) enhance monitoring of technological trends and innovations and thus their ability to assess emerging security and compliance issues; (2) provide more timely and specific risk management guidance to individual depository institutions, as necessary; and (3) augment the information used to plan for the availability of examiners with appropriate information systems expertise. |
In commenting on a draft of this report, the NCUA stated that the report effectively described the risks imposed by Internet Financial Services. As of September 8, 2000, NCUA had made final changes to its call report for December 2000 publication to include line items for Internet banking activities. Information requested from credit unions include e-mail address, World Wide Website address, and whether the website is interactive or not.
|
| Federal Financial Institutions Examination Council | To help ensure that reviews of the adequacy of Internet banking services provided by third-party firms are conducted in a cost-efficient manner, on the basis of the results of its research project, the Chairman, Federal Financial Institutions Examination Council (FFIEC), through the FFIEC Task Force on Supervision should, develop plans and a timetable for the regulators' oversight of third-party firms. |
In commenting on a draft of this report, the FFIEC agreed with the need to ensure effective oversight of third party vendors that provide Internet Banking services. The agencies have completed a preliminary review of Internet banking vendors. Selected vendors have been subject to interagency examinations with each agency alternating as the lead agency. Ongoing review of this industry by the FFIEC is continuing.
|
| National Credit Union Administration | To help ensure the safety and soundness of Internet banking at credit unions, as work related to the year 2000 computer problem diminishes, the Chairman, NCUA, should expeditiously develop Internet banking examination procedures and begin to examine Internet banking-related activities offered by credit unions. |
In commenting on a draft of this report, the NCUA stated that the report effectively described the risks imposed by Internet Financial Services. NCUA's Strategic Plan for 2000-2005 has a goal dedicated to e-commerce. Phase one of the strategy is to issue a bulletin to its examiners on NCUA's Information Systems and Technology Safety and Soundness Examination Program, which has been implemented. This bulletin, which deals with high level issues such as risk assessment, was issued on July 13, 2000, along with an e-commerce questionnaire for its examiners. The second phase is more technically oriented, and serves to identify important issues related to the technology. In this second phase, NCUA plans to train 60 subject matter experts in information system and technology issues (NCUA only has 3 IT examiners). Phase three of the plan is to gain deeper knowledge of the technology, and provide more specific training to examiners. This strategic plan has been presented to the NCUA Board for review and is rolled into the budget package. NCUA has provided IT training to over 60 examiners in 2001 and 2002. This group of examiners received Level 1 training on March 26, 2001, Level 2 training on May 18, 2001, and level 3 training on March 25, 2002. NCUA also provided IT training to state examiners in February 2001.
|
Full Report
Office of Public Affairs
Topics
Banking regulationComputer networksComputer support servicesComputer securityConfidential communicationsCredit unionsE-commerceElectronic funds transferInternetLending institutionsWebsites