I would think you could have it as part of your Ebanking Policy, but there are some specifics you would want to make sure you address i.e. roles and responsibilities, risk management, vendor management, contract/agreement requirements, limits on who it is offered to, etc. I would make it a separate section in the Ebanking Policy if that is the direction you choose to go.
_________________________
Susan Orr, CISA CRP CISM
susan@susanorrconsulting.com
630.499.0276