FRB Shows The Way To E-Compliance

The Board of Governors of the Federal Reserve System ("FRB") met on August 18, 1999 and decided to publish for comment a second draft of proposed rules for electronic disclosure. The publication deals with electronic disclosure and notices under Regulations B, E, M, Z, and DD.

These proposals modify the ideas published in March, 1998 and contain some new concepts. Concerns expressed in comments by industry members and by consumer advocates have resulted in several modifications and new ideas that appear in this proposal.

Customer Acceptance
The new proposal would provide that a bank could only use electronic disclosures if and after the consumer agrees to receive disclosures electronically. This agreement is a core element of the permission to use electronic means for providing disclosures.

The proposal contains a model form that would be used for obtaining customer acceptance. Needless to say, the form could be provided and completed electronically as well as on paper. However if the bank obtains the acceptance, the bank would need to maintain a record of it.

It could also become necessary to keep a record of how each type of account was opened. Consumer advocates have raised a concern that bankers could pressure consumers into accepting electronic disclosures. Their imaginations have conceived the possibility of bankers going from door to door with laptop computers to open electronic accounts and force consumer acceptance of electronic disclosures. In the face of concerns of this magnitude, banks should be aware that they could carry the burden of proof if the customer's acceptance comes into question.

Who could get e-disclosures
Electronic disclosures would not be restricted to electronic banking customers. Any customer could request or agree to receive disclosures and/or statements electronically. The institution could offer the service to any customer, without being limited to customers who open accounts or conduct electronic transactions.

As a practical matter, any customer that consents to receive electronic disclosures is probably also a potential or actual electronic banking customer. An important customer protection mechanism that would be built into the rule is the requirement that the institution provide paper disclosures to any customer that opens an account in person, even if the account will be set up as an electronic account. In this way, the consumer will have at least the initial information on paper.

Where and how to send e-disclosures
Banks could send e-disclosures in two ways. One method would be to send disclosures to the customer's e-mail address. The alternative would be to make the information available in the institution's website. Both delivery methods would require agreement by the customer.

If the bank makes disclosures available on its website, the rule would require that the bank notify customers by e-mail when the disclosures are available. Disclosures would have to remain available on the website for at least 90 days.

Whichever method the bank uses, you will need the customer's e-mail address. This means it would be a good idea to provide for how and when the customer should notify the bank if they change their e-mail address.

The Board is requesting comments on whether the rule should require that the institution send disclosures with a mechanism for verifying that the consumer has received them. Comments should include the institutions views on such a requirement and information about what technology it would or could use and the cost of such technology.

What e-disclosures look like
As with paper disclosures, there would be standards for the clarity and readability of electronic disclosures. The proposal bases its requirements on the existing requirements for paper disclosures. Thus, the disclosures will have to be "clear and readily understandable."

In addition, the disclosures will have to meet each regulatory rule for format, timing, and retainability. This means that disclosures will need to be segregated from other information when that is required by the regulation. This separation requirement would apply to certain closed-end Truth in Lending requirements. Similarly, the "federal box" requirement of ?226.17(a) would dictate format for closed-end disclosures.

Compliance with timing rules would necessitate building the web pages so that a consumer would have to read and, if required, act on, certain types of disclosures before proceeding. For example, some Truth in Lending disclosures must be given before an application is taken or with an application. These would need to be posted on a page before the application for that product on the website.

To enable the consumer to retain any disclosures, there would be two options. First, the consumer should be able to save the disclosure on his or her computer and/or print the disclosure. As an alternative, the bank could send paper disclosures upon the consumer's request.

If the electronic banking or electronic disclosure is performed using the bank's equipment, the bank would have to provide equipment to enable the consumer to retain copies - i.e., the consumer should be able to print the information using the bank's equipment. Banks providing such terminals would need to maintain the terminal and the printer in full working order. The printer should never run out of paper.

Customer equipment
In order for all this to work, the bank's customers will need equipment that can accommodate the information that the bank posts or sends. The proposal - based on the urging of consumer advocates - would require the institution to take steps to confirm that the consumer has the equipment necessary to receive and retain electronic disclosures. At a minimum, this would mean a computer, modem, printer, and compatible software.

Clearly, programming of electronic disclosures and websites should be designed for the more basic and less elaborate home computer equipment. Designing web pages for the "state of the art" level could lead to problems.

Integrity, security, and similar concerns
Consumer advocates have expressed strong concerns about the security and integrity of information delivered electronically. They have also raised concerns that the institution could alter the disclosures to the disadvantage of the customer. They have therefore asked the Board to consider ways to ensure the integrity of the disclosures provided to consumers.

The Board is requesting comment on the feasibility of providing disclosures that cannot be altered without detection. Alternatively, the Board seeks comments on whether there are systems to determine whether disclosures have been altered. The important issue for comment here is to describe the type of procedures, controls, and safeguards that institutions have or can put in place.

Also suggested has been the concept of using an independent third party to verify the integrity of electronic documents. This would involve the use of an entity such as an "e-notary." The Board wants comments on the feasibility and cost of such an approach.

ACTION STEPS

If your bank does or is planning to offer electronic banking, find out who works on your web site. Establish regular communication with them regarding compliance requirements.
Prepare and submit comments on this proposal. Give particular attention to any requirements that would be expensive or difficult to fulfill.
Provide information in your comment letter about the need, cost, and feasibility of sending disclosures with verification of receipt.
Learn about security systems on the Internet. Talk with your computer types about electronic security and use this information in your comment letter.