Answer:
CompliancePro has a set of electronic banking procedures. With their permission, we offer the following sample procedures for the planning and implementation phase of electronic banking. These questions should help you key in on some of the important issues you need to focus on:
- Has the board, or an appropriate committee, approved each of the electronic systems based on a written strategic plan and risk analysis commensurate with the activity?
- Did the analysis address the following issues:
  - The function of electronic delivery channels within the strategic or operating plan?
  - Risks associated with each electronic system?
- Have guidelines for accepting account applications and other relevant policies and procedures been updated to address activities beyond the traditional trade area?
- Have experienced individuals been designated to develop and implement electronic banking services?
- Do these individuals have clearly defined and segregated duties/responsibilities, and have adequate resources to meet their responsibilities?
- Has each system been adequately tested by:
  - Volume stress testing (to ensure system capacity),
  - Screen testing (to review content), and
  - Pilot program (to evaluate feasibility).
- Has management provided adequate training for all officers and staff affected by electronic banking systems, including those responsible for products, services, information systems, audit, compliance and legal issues?
- Are the training programs provided on an ongoing basis?
- Has management confirmed the applicability of insurance coverage, such as blanket bond and excess liability coverage, errors and omissions, and other coverages?
- Are any gaps in coverage appropriately addressed?
- Does management complete or obtain a feasibility study for each system implemented?
- Do the studies consider various scenarios, including "worst case" scenarios?
- Do management and the board review the study?
- For each system that interacts with any of the institution's operating systems or databases, does management require a review of the interactive components and processes to ensure compatibility and security?
- If applicable, does management verify the accuracy and content of financial planning software, calculators, and other interactive programs (between the institution and its customers) available through the systems?
- As appropriate, has the institution developed a backup system or method for users to conduct normal activity in the event the system is not available for an extended period of time?
- Does the institution have procedures to notify users in the event of a problem?
- Does the institution ensure that physical access to computer hardware, software, communication equipment and communication lines is restricted to appropriate personnel to ensure security?
First published on BankersOnline.com 3/5/01
Copyright, 2001, BankersOnline.com.