Resource Documents Board of Governors of the Federal Reserve System Federal Deposit Insurance Corporation National Credit Union Administration Office of the Comptroller of the Currency Office of Thrift Supervision Financial Crimes Enforcement Network Office of Foreign Assets Control

Examination Procedures Core Procedures Expanded Procedures

Bank Secrecy Act Anti-Money Laundering Examination Manual

Backward | Table of Contents | Forward

Electronic Banking—Overview

Objective.  Assess the adequacy of the bank’s systems to manage the risks associated with electronic banking (e-banking) customers, and management’s ability to implement effective monitoring and reporting systems.

E-banking systems, which provide electronic delivery of banking products to customers, include automated teller machine (ATM) transactions; on-line account opening; Internet banking transactions; and telephone banking.  For example, credit cards, deposit accounts, mortgage loans, and funds transfers can all be initiated on-line, without face-to-face contact.  Management needs to recognize this as a potentially high-risk area and develop adequate policies, procedures, and processes for customer identification and monitoring for specific areas of banking.  Refer to the core examination procedures, “Customer Identification Program” (CIP), for further guidance.  Additional information on e-banking is available in the FFIEC Information Technology Examination Handbook.¹⁵⁴

Risk Factors

Banks should ensure that their monitoring systems adequately capture transactions conducted electronically.  As with any account, they should be alert to anomalies in account behavior.  Red flags may include the velocity of funds in the account or, in the case of ATMs, the number of debit cards associated with the account.

Accounts that are opened without face-to-face contact may be a higher risk for money laundering and terrorist financing for the following reasons:

• More difficult to positively verify the individual’s identity.
• Customer may be out of the bank’s targeted geographic area or country.
• Customer may perceive the transactions as less transparent.
• Transactions are instantaneous.
• May be used by a “front” company or unknown third party.

Risk Mitigation

Banks should establish BSA/AML monitoring, identification, and reporting for unusual and suspicious activities occurring through e-banking systems.  Useful management information systems for detecting unusual activity in high-risk accounts include ATM activity reports, funds transfer reports, new account activity reports, change of Internet address reports, Internet Protocol (IP) address reports, and reports to identify related or linked accounts (e.g., common addresses, phone numbers, e-mail addresses, and tax identification numbers).  In determining the level of monitoring required for an account, banks should include how the account was opened as a factor.  Banks engaging in transactional Internet banking should have effective and reliable methods to authenticate a customer’s identity when opening accounts on-line and should establish policies for when a customer should be required to open accounts on a face-to-face basis.¹⁵⁵   Banks may also institute other controls, such as establishing transaction dollar limits for large items that require manual intervention to exceed the preset limit.

 

 

 

Backward | Table of Contents | Forward