Compliance/Legal Risk

Compliance and legal issues arise out of the rapid growth in usage of e-banking and the differences between electronic and paper-based processes. E-banking is a new delivery channel where the laws and rules governing the electronic delivery of certain financial institution products or services may be ambiguous or still evolving. Specific regulatory and legal challenges include:

  • Uncertainty over legal jurisdictions and which state's or country's laws govern a specific e-banking transaction;
  • Delivery of credit and deposit-related disclosures/notices as required by law or regulation;
  • Retention of required compliance documentation for on-line advertising, applications, statements, disclosures and notices; and
  • Establishment of legally binding electronic agreements.

Laws and regulations governing consumer transactions require specific types of disclosures, notices, or record keeping requirements. These requirements also apply to e-banking, and federal banking agencies continue to update consumer laws and regulations to reflect the impact of e-banking and on-line customer relationships. Some of the legal requirements and regulatory guidance that frequently apply to e-banking products and services include:

  • Solicitation, collection and reporting of government monitoring information on applications and loans, as required by the Equal Credit Opportunity Act (Regulation B) and Home Mortgage Disclosure Act (Regulation C) regulations;
  • Advertising requirements, customer disclosures, or notices required by the Real Estate Settlement Procedures Act (RESPA), Truth in Lending (Regulation Z), and Truth In Savings (Regulation DD) and Fair Housing regulations;
  • Proper and conspicuous display of FDIC or NCUA insurance notices;
  • Conspicuous webpage disclosures indicating that certain types of investment, brokerage, and insurance products offered have certain associated risks, including not being insured by federal deposit insurance (FDIC or NCUA);
  • Customer identification programs and procedures, as well as record retention and customer notification requirements, required by the Bank Secrecy Act;
  • Customer identification processes to determine whether transactions are prohibited by the Office of Foreign Assets Control (OFAC) and, when necessary, whether customers appear on any list of known or suspected terrorists or terrorist organizations provided by any government agency;
  • Delivery of privacy and opt-out notices by hand, by mail, or with customer acknowledgement of electronic receipt, as required by regulations under the Gramm-Leach-Bliley Act (see 12 CFR 40.9 (OCC), 12 CFR 216.9 (Board), 12 CFR 332.9 (FDIC), 12 CFR 573.9 (OTS), and 12 CFR 716.9 (NCUA));
  • Verification of customer identification, reporting, and record keeping requirements of the Bank Secrecy Act (BSA), including requirements for filing a suspicious activity report (SAR); and
  • Record retention requirements of the Equal Credit Opportunity Act (Regulation B) and Fair Credit Reporting Act regulations.

Institutions that offer e-banking services, both informational and transactional, assume a higher level of compliance risk because of the changing nature of the technology, the speed at which errors can be replicated, and the frequency of regulatory changes to address e-banking issues. The potential for violations is further heightened by the need to ensure consistency between paper and electronic advertisements, disclosures, and notices. Additional information on compliance requirements for e-banking can be found on the agencies' websites and in references contained in appendix C.

