Is there something in writing such as a law or reg that states that customers are REQUIRED to sign a debit card application PRIOR to the issuance of a card? We have a situation where our new accts personnel are issuing cards without first obtaining the customer's signature on the application (due to call in requests). Sometimes the customer's don't come in and sign the applications after the fact either. They have now, since I've audited that area and noted those exceptions, are getting a loan officer to approve the issuiance of the card without a signed application on file. In my opinion this could open the back up for some possible trouble but I need hard proof and fact.

The idea is to prove that the issuance of the card was solicited - see 12 CFR 205.5. While the regulation allows this to happen with an "oral" request, most banks from an internal control standpoint, require signed applications. This prevents an unscrupulous employee from perpetuating debit card fraud by issuing cards to customers and then having them mailed to themselves, receiving incentive pay for selling debit cards, etc. It also creates a paper trail for audit purposes.

How long should debit card applications be kept?

The typical retention of Reg E related information is two years.