Appendix D: Laws, Regulations, and Guidance



Resource TitleTypeDate
15 USC 1601: Truth in Lending ActLawN/A
12 USC 1861-1867(c): Bank Services Company ActLawN/A
12 USC 4001: Expedited Funds Availability ActLawN/A
12 USC 5001: Check Clearing for the 21st Century ActLawN/A
15 USC 1681m(e): Fair Credit Reporting ActLawN/A
15 USC 1693: Electronic Funds Transfer ActLawN/A
15 USC 6801 and 6805(b): Gramm-Leach-Bliley ActLawN/A
18 USC 1 (Pub. L. No. 107-56): USA Patriot ActLawN/A
31 USC 5311: Bank Secrecy ActLawN/A

Federal Financial Institutions Examination Council

Resource TitleTypeDate
Authentication in an Internet Banking EnvironmentGuidanceOctober 2005

Bank Secrecy Act/anti-Money Laundering InfoBase


Check 21 InfoBase


Federal Reserve Board

Resource TitleTypeDate
12 CFR 210, Subparts A and B (Regulation J)RegulationN/A
12 CFR 205 (Regulation E)RegulationN/A
12 CFR 226, Truth in Lending (Regulation Z)RegulationN/A
12 CFR 229, Subparts A, B, and C (Regulation CC)RegulationN/A
SR Letter 09-2: FFIEC Guidance Addressing Risk Management of Remote Deposit Capture ActivitiesRegulationJanuary 14, 2009
Board of Governors of the Federal Reserve System Payments System Risk (PSR) PolicyGuidanceDecember 19, 2008
SR Letter 07-15: Release of Revised FFIEC Bank Secrecy Act/Anti-Money Laundering Examination ManualRegulationAugust 24, 2007
SR Letter 05-19: Interagency Guidance on Authentication in an Internet Banking EnvironmentGuidanceOctober 13, 2003
SR Letter 01-15: Safeguarding Customer InformationGuidanceJune 7, 2001
SR Letter 01-11: Identity Theft and Pretext CallingGuidanceApril 26, 2001
SR Letter 00–17: FFIEC Guidance on the Risk Management of Outsourced Technology ServicesGuidanceNovember 30, 2000
SR Letter 00-04: Outsourcing of Information and Transaction ProcessingGuidanceFebruary 29, 2000
SR Letter 93-64: Credit Card-related Merchant ActivitiesGuidanceDecember 18, 1993

Federal Deposit Insurance Corporation

Resource TitleTypeDate
FIL 4-2009: Risk Management of Remote Deposit CaptureGuidanceJanuary 14, 2009
FIL 129-2008: New General Counsel's Opinion No. 8, Stored Value Cards and Other Nontraditional Access MechanismsGuidanceNovember 13, 2008
FIL 127-2008: Guidance on Payment Processor RelationshipsGuidanceNovember 7, 2008
FIL 44-2008: Guidance on Managing Third-Party RiskGuidanceJune 6, 2008
FIL 32-2007: Identity Theft - FDIC's Supervisory Policy on Identity TheftGuidanceApril 11, 2007

Credit Card Activities Manual

GuidanceMarch 2007
FFIEC Guidance Authentication in an Internet Banking Environment, FIL 103-2005GuidanceOctober 2005
FIL 7-2005: Fair and Accurate Credit Transactions Act of 2003, Guidelines Requiring the Proper Disposal of Consumer InformationGuidanceFebruary 2, 2005
FIL 116-2004: Check Clearing for the 21st Century ActGuidanceOctober 27, 2004
FIL 39-2001: Identity Theft and Pretext CallingGuidanceMay 9, 2001
FIL 79-98: Electronic Financial Services and Consumer ComplianceGuidanceJuly 16, 1998

National Credit Union Administration

Resource TitleTypeDate
NCUA Letter to Credit Unions, 09-CU-01: Risk Management of Remote Deposit Capture (with Enclosure)GuidanceJanuary 2009
NCUA Letter to Credit Unions, 07-CU-13: Supervisory Letter - Evauluation Third Party RelationshipsGuidanceDecember 2007
NCUA Corporate Credit Union Guidance Letter 07-04: Accounting for Future-Dated Automated Clearing House (ACH) TransactionsGuidanceOctober 2007
NCUA Letter to Credit Unions 06-CU-14: Bank Secrecy ACT (BSA)/Anti-Money Laundering (AML) Manual Interagency OutreachGuidanceSeptember 2006
NCUA Letter to Credit Unions 05-CU-18: Guidance on Authentication in Internet Banking EnvironmentGuidanceNovember 2005
NCUA Letter to Credit Unions 05-CU-16: Bank Secrecy Act ComplianceGuidanceOctober 2005
NCUA Regulatory Alert 05-RA-02: Suspicious Activity Reports on OFAC blocked transactionsGuidanceJanuary 2005
NCUA Regulatory Alert 04-RA-12: Check 21 ActGuidanceOctober 2004
NCUA Regulatory Alert 03-RA-07: Final Patriot Act Regulations on Customer (Member) IdentificationGuidanceMay 2003
NCUA Letter to Credit Unions, 01-CU-09: Identity Theft and Pretext CallingGuidanceSeptember 2001
NCUA Letter to Credit Unions, 01-CU-11: Electronic Data Security OverviewGuidanceAugust 2001
NCUA Regulatory Alert 01-RA-08: Interim Final Rules Amending Regulations B, E, M, Z, and DD - Electronic Delivery of Required DisclosuresGuidanceAugust 2001
NCUA Letter to Credit Unions, 00-CU-11: Risk Management of Outsourced Technology Services (with Enclosure) GuidanceDecember 2000
NCUA Regulatory Alert 99-RA-3: Pretext Phone Calling by Account Informa-tion BrokersGuidanceFebruary 1999

Office of the Comptroller of the Currency

Resource TitleTypeDate
Office of the Comptroller of the Currency (OCC) Comptroller’s Handbook: Depository ServicesGuidanceNovember 19, 2008
OCC Bulletin 2009-4: Remote Deposit Capture: Interagency GuidanceGuidanceJanuary 14, 2009
OCC Comptroller’s Handbook: Truth in LendingGuidanceOctober 6, 2008
OCC Bulletin 2008-12: Payment Processors: Risk Management GuidanceGuidanceApril 24, 2008
OCC Bulletin 2006-39: Automated Clearing House Activities: Risk Management GuidanceGuidanceSeptember 1, 2006
OCC Bulletin 2006-06: Bank Secrecy Act/Anti-Money Laundering: Joint Statement on Sharing Suspicious Activity Reports with Controlling CompaniesGuidanceJanuary 27, 2006
OCC Bulletin 2005-13: Response Programs for Unauthorized Access to Customer Information and Customer Notice: Final GuidanceGuidanceApril 14, 2005
OCC Advisory Letter 2004-6: Payroll Card SystemsGuidanceMay 14, 2004
OCC Bulletin 2003–01: Credit Card Lending, Account Management and Loss Allowance GuidanceGuidanceJanuary 8, 2003
OCC Comptroller's Handbook: Merchant ProcessingGuidanceDecember 2001
OCC Bulletin 2001-47: Third Party Relationships, Risk Management PrinciplesGuidanceNovember 1, 2001
OCC Bulletin 2001-6: Expanded Guidance for Subprime Lending ProgramsGuidanceJanuary 31, 2001
OCC Advisory Letter 2000-10: Payday LendingGuidanceNovember 27, 2000
OCC Advisory Letter 2000-9: Third-Party RiskGuidanceAugust 29, 2000
OCC Advisory Letter 2000-6: Audit and Internal ControlsGuidanceJuly 23, 2000
OCC Bulletin 2000-20: FFIEC Uniform Retail Credit Classification and Account Management PolicyGuidanceJune 22, 2000
OCC Bulletin 2000-16: Risk Modeling, Model ValidationGuidanceMay 30, 2000
OCC Bulletin 2000-3: FFIEC Consumer Credit Reporting PracticesGuidanceFebruary 16, 2000
OCC Bulletin 99-15: Subprime Lending: Risks and RewardsGuidanceApril 5, 1999
OCC Bulletin 99-10: Interagency Guidance on Subprime LendingGuidanceMarch 5, 1999
OCC Bulletin 98-3: Technology Risk Management: Guide for Bankers and ExaminersGuidanceFebruary 4, 1998
OCC Bulletin 97-24: Credit Scoring Models, Examiner GuidanceGuidanceMay 20, 1997
OCC Advisory Letter 96-7: Credit Card Pre-Approved SolicitationsGuidanceSeptember 26, 1996

Office of Thrift Supervision

Resource TitleTypeDate
12 CFR Part 570: Interagency Guidelines Establishing Standards for Safeguarding Customer Information, Appendix BRegulationN/A
RB 37-37: Electronic Fund Transfer ActGuidanceMay 5, 2009
CEO Letter 291: Risk Management of Remote Deposit CaptureGuidanceJanuary 14, 2009
CEO Letter 273: Compliance with Truth in Savings and Electronic Transfer Act Rules: Government Accountability Office Report 08-281GuidanceApril 25, 2008
CEO Letter 228: Interagency Guidance on Authentication in an Internet Banking EnvironmentGuidanceOctober 13, 2005
CEO Letter 214: Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer NoticeGuidanceMarch 30, 2005
RB 37-10: Check 21GuidanceFebruary 18, 2008
Thrift Bulletin 82a: Third Party ArrangementsGuidanceSeptember 1, 2004
CEO Letter 90: FFIEC Information Technology Examination Handbook- Audit Booklet, Electronic Banking BookletGuidanceJuly 23, 1998
CEO Letter 113: Internal ControlsGuidanceJuly 14, 1999
Examination Handbook: Section 218, Credit Card LendingGuidanceN/A
Thrift Activities Handbook: Section 340, Internal ControlGuidanceDecember 2003
Thrift Activities Handbook: Section 341, Technology Risk ControlsGuidanceJanuary 2002
Thrift Activities Handbook: Section 580, Payment Systems RiskGuidanceJanuary 1994
Examination Handbook: Section 1330, Electronic Funds Transfer ActGuidanceN/A
Examination Handbook: Section 1335, Expedited Funds Availability ActGuidanceN/A
Examination Handbook: Section 1336, Check 21GuidanceN/A

Check Clearing for the 21st Century Compliance InfoBase, OTS Press Release 04-43

GuidanceOctober 2004


Previous Section
Appendix C: Schematic of Retail Payments Access Channels & Payments Method
Next Section
Appendix E: Mobile Financial Services