Web Page Wisdom

Guidance From The Regulators

Editor's Note: Much of the guidance previously given by the regulators on electronic banking is still sound. The early steps to permit electronic disclosures via amendments to specific banking rules, however, have been superseded by the enactment of the ESIGN Act, the federal electronic signatures law. Any financial institution contemplating giving electronic disclosures in lieu of written ones should carefully conform its practices to ESIGN.

In mid-July 1998, the bank regulatory agencies issued guidance on how the consumer compliance regulations apply. The document identifies specific disclosure and advertising requirements that institutions should accommodate and also provides guidance on how to achieve compliance in a changing electronic environment.

The information is issued by the FFIEC and forwarded by each agency. In FIL-79-98, Carmen Sullivan's cover letter to FDIC-regulated banks stresses the role of management. She states that "management is responsible for monitoring its electronic banking operations" to ensure compliance, and that "Management should also take steps to ensure that its institution's compliance program is modified to account for the type and level of technology employed by the institution and changes in the regulations."

This clear message to management should not be underestimated. In recent months we have seen increasing signals that the agencies hold management ultimately responsible and expect to see management involved in and aware of the institution's compliance program.

The "suggested" guidance (and we suggest that you take the guidance very seriously) addresses ways to comply with a list of regulations when engaging in on-line banking, electronic funds transfers, and "other electronic payment systems," whatever those may turn out to be.

This is really an exercise in applying the concepts in a set of paper-based rules to new ways of doing business without burdening the industry with detailed procedural requirements. Whether this approach works will depend on how the industry responds. If the industry acts in ways that improve customer service and maintain customer protections, we may avoid more rules. But if the industry uses the electronic medium to take advantage of customers, Congress and the regulators will get busy.

This is clearly a situation when it is important to base your actions and decisions on the spirit of the law. It is not the time to assume that the electronic world is a large and unregulated frontier.

What's involved on the deposit side
First, there is Regulation E which calls for disclosures to be in writing and in a form the consumer may keep. An interim rule (3/20/98) permits electronic delivery of these disclosures as long as the consumer agrees to the delivery method.

Other electronic-friendly permissions in Regulation E include exemptions from providing a terminal receipt when the consumer initiates the transfer by phone, personal computer, or fax machine.

One of the risk zones is the electronic receipt of customer complaints about unauthorized transactions. The timing rules for investigation, response, resolution, and provisional crediting apply to complaints that are received electronically. If the bank accepts e-mail complaints, someone must monitor incoming complaints with regularity. Any delay in reading the e-mail is taken off of the bank's response and investigation time.

Then there is Regulation DD, with advertising and disclosure requirements. The agency guidance points out that the electronic media exemption for advertising does not apply to internet banking or other forms of electronic banking. All advertising requirements apply. This means including APYs with rates along with other triggered terms. Also watch for the timing rules for providing disclosures.

Finally, there is not yet a rule permitting electronic disclosures in lieu of paper. Although banks may provide electronic disclosures, the bank must follow with paper.

Regulation CC treatment is fairly straightforward. Hold notices may be provided electronically if the consumer agrees. The institution does not have to determine when the consumer opened the e-mail. ComplianceAction urges banks to be reasonable on this. We have had personal experience with long delays in delivering mail on the server. Don't make the customer pay the consequences for a server failure.

What's involved on the lending side
Let's start with the big one: Truth in Lending. Regulation Z has two important areas that should be accounted for in your website. First, all of the advertising rules apply. This means APRs and trigger terms. One of the biggest Internet violations we see (and we check from time to time) is a homepage that quotes rates but omits APRs and other triggered terms.

Regulation Z also permits delivery of periodic statements electronically provided that the customer agrees.

Finally, don't forget Regulation Z's billing error provisions. These have timing and procedural requirements built in.

Regulation M, consumer leasing, contains a broad definition of advertising that includes any message inviting, offering, or generally announcing the availability of leases. Any mention of lease availability on the website triggers the advertising rules in Regulation M.

Regulation B, Fair Housing, and HMDA all have Internet ramifications. For Regulation B and HMDA, an electronic application is exempt from collecting monitoring data unless the system has a video capability. Both regulations carry the concept that if you can't see the customer, you can't (and shouldn't) complete the monitoring data. But if you can see the customer, the data should be there. Taking an application electronically satisfies Regulation B's requirement for written applications. But remember that the application form on the Bank's site must comply with the regulation's form and notice requirements.

Statements regarding fair lending and the fair housing lender logo must appear in the website. The question is where to put it. ComplianceAction strongly recommends that the fair housing lender logo and non-discrimination statements be placed prominently with both ads for loans and with loan program descriptions. Putting it up once on the homepage is probably not enough.

The Fair Credit Reporting Act now permits adverse action notices to be provided electronically if specifically authorized by the consumer. There is not yet any such guidance in Regulation B, so the safer practice would be to provide paper disclosures.

And FDIC membership
One of the most difficult disclosure issues is where and how often to place the FDIC membership disclosure and logo. Clearly, this must be on the home page. The agencies now recommend that the FDIC logo also appear on any subsidiary page that contains an advertisement Banks that sell non-deposit investment products should be particularly careful in the placement of FDIC membership information. The web pages should never communicate any implication of FDIC insurance for non-deposit investment products. Even if the products are listed on different sub-pages, there may be customer confusion.

Compliance
Action recommends using the FDIC logo as an icon to place by every insured deposit account listing. Then develop a NDIP icon to place by the non-FDIC insured products. That way, each product is marked in a way to show its insurance status.

ACTION STEPS

Review your homepage regularly. Look for required language and icons. Also check any pages that have information on lending and deposit accounts.
Designate an individual and back-up to check e-mail at least daily for complaints under Regulations E and Z.
Review content of ads and notices put on the Internet. Make sure that anyone responsible for producing information to put on the website is aware of the advertising rules for their products.
Establish strict timing requirements for sending electronic notices to customers.
Monitor the process for obtaining customer agreement to receive disclosures electronically.
Maintain a checklist for your staff responsible for maintaining the website. Make sure they understand what logos and icons should be on the site and where they should be placed.