October 14, 1999
OCC Issues Examination Handbook On Internet Banking
WASHINGTON, D.C. — The Office of the Comptroller of the Currency (OCC) issued a new handbook today outlining procedures for examining Internet banking activities in national banks. The OCC estimates that about 500 national banks have transactional websites that would be subject to today's examination procedures, as would other national banks with non-transactional websites.
Today's handbook is the most comprehensive document on Internet banking issued by the OCC to date. The handbook applies the nine categories of risk used by the OCC in all safety and soundness examinations to Internet banking.
"Today's guidance provides OCC examiners with a complete set of supervisory tools to examine Internet banking activities." said Clifford A. Wilke, Director of Bank Technology at the OCC. "We also know many national banks are considering this activity; this handbook will be useful to them in outlining business and technical issues associated with offering banking products and services via the Internet."
The handbook outlines risks unique to Internet banking. For example, the handbook notes that Internet loan customers can be anywhere in the world, which creates special challenges in authenticating identities, an important element in making sound credit decisions. Verifying collateral and perfecting loan security agreements also present a challenge with out-of-area borrowers.
Internet banking customers, searching for the best rates of return, react quickly to changing market conditions and could create deposit volatility for banks. The handbook underscores that interest rate and liquidity risk can exist with Internet customers, which might require increased monitoring of liquidity.
The handbook addresses the issue of customer privacy and the challenges that the Internet can present to the use of personal information. The OCC issued guidance to national banks in May on website privacy statements.
The handbook also addresses the anonymity of banking over the Internet and the challenge this presents to monitoring suspicious activity as required by laws on money laundering in the Bank Secrecy Act.
The threat from intruders into bank systems also is covered in the handbook. Intrusions are more often from internal than external sources because internal users have access to and knowledge of systems. Strong intrusion detection systems can detect unsuccessful intrusions that often precede successful efforts or break-ins. The handbook outlines various types of on-line attacks, including those known as sniffers, brute force, random dialing, Trojan horse and hijacking intrusions.
Today's handbook follows previous OCC guidance on technology topics, including guidance on technology risks in general, on PC banking and on cyber-terrorism.
The Internet Banking Handbook issued today is part of the Comptroller's Handbook for National Bank Examiners.
The Internet Banking Handbook is available on the OCC website: www.occ.treas.gov. For a copy of the Handbook, write to: Office of the Comptroller of the Currency, Communications Division, Washington, D.C. 20219. Copies can also be requested by fax at (202) 874-4448; by phone at (202) 874-5043; or by visiting the OCC's Public Reference Room at 250 E Street, S.W., Washington, D.C. (9 a.m. - noon and 1 - 3 p.m., Monday-Friday).