How are smaller banks, say in the $200M asset size, managing compliance risk when diving into online account opening? I'm very concerned about CIP-CDD-EDD. I cannot fathom never obtaining a wet signature or seeing a check prior to accepting a deposit. Also, asking the CDD-EDD questions online is completely different than in person regarding getting a feel for the customer. Do most banks also open new accounts online for businesses, trusts, estates, etc? Is there a vetted software company that is preferred for this endeavor?
During a review of the account, we noticed several transactions to Cash App, to the same people from last December and one in January. These were NOT disputed. Should we inquire about these transactions? If so, could we start our calculation from the statement date (plus 60 days) from the statement with the first unauthorized transaction? Does it make a difference that the December, the May and June transactions were on different cards? (The customer has had multiple cards.)
What is the bank's responsibility when it comes to online banking fraud? We have a customer, his niece got ahold of his account number, signed him up for online banking, sent out P2P payments to herself and others, and now he's negative in his account. He did file a police report against her. Does this fall on the customer or the bank?
Does CAN-SPAM apply to those emails sent by platform employees to let their preferred customers know of new rates, etc.?
Is CAN-SPAM limited to emails to consumers?
We have learned that if a customer has an address outside of the U.S. they cannot use the bill pay feature of our internet banking program. Once their address is changed to a U.S. address they do have access to bill pay. Is this a requirement due to a U.S. banking regulation regarding persons with international addresses and online payments? Or is this simply a voluntary security feature of our online banking vendor?
If our Bank is adopting an account closing survey and they want to send it to closed account customers by text and email, does this fall under the
CAN-SPAM rules? They are only requesting feedback, there is no promotional material.
Are other banks performing callbacks for customers completing online auto-enrollments? If not, what are the controls for preventing fraud?
Is there a rule or regulation that requires banks to make their online banking customers change their online banking password periodically?
We would like to create an easier way for our consumers to sign up for E-Statements. What are the requirements, compliance wise for this? Currently, our customers need to log into their online banking, view a PDF disclosure that generates a "code", and customer then has to type in code and agree to terms and conditions. Compliance wise- can consumers just sign the disclosure/consent in person at lobby?