Next month our bank will be able to provide monthly checking account statements via an encrypted and secure email. I'm interested in hearing from anyone who is providing this service (or thinking about it) and if you have experienced any problems, what kind of disclosures you provide, just your comments in general about the service.
Thanks for your comments.

I'm interested in knowing too whether banks are choosing the encrypted email approach as Phyllis' bank is, or alternatively having the statement available for "pick-up" inside the transactional website behind the log-in?

Is this encrypted email within your online banking system? Do you send a separate email to the customer's "real world" email address to alert them to the fact that the statement is available for viewing via the encrypted email, or are they just expected to periodically check?

Mary Beth's question is important. The Commentary to Regulation E section 205.17(c) tells us that the electronic address to which you deliver disclosures (including statements) required by the regulation is

quote:

---

an e-mail address that is not limited to receiving communications transmitted solely by the financial institution.

---

This is frustrating to banks that would like to use a proprietary encrypted e-mail (perhaps within their Web banking system?) to deliver these messages. It appears we are left with the need to notify customers "in the clear" that their statement is ready for pickup, or an encrypted e-mail message with decrypting capability at the customer end.

My curiosity gets the better of me. Will the e-statements include all the Reg. DD requirements, as well as the Reg E error-correction notice, which we bankers typically print on the reverse of our paper statements?

[This message has been edited by John Burnett (edited 07-31-2001).]

Good points. I am of the mind set that with e-notices I would lean towards leaving the notice on a Web page, referred to in each statement or notice to the customer.

Reg. DD requirements would have to be met. With imaged statements this shouldn't be too hard to do.

I have heard that there is a chance that the October date may be backed up. This may assist some banks who are dependent on using closed loop e-mails such as is typical with Internet banking products.

------------------
Andy Zavoina
Opinions stated are not necessarily that of my employer.

In response to Ken, Mary Beth, and John's questions, (1) No, our customer does not have to have Online Banking Access (2)the email will go to the customer's "real world" email address. The e-statement is an attachment to an email notification. The customer must have a current version of "Adobe Acrobat Reader" (which they can download from our website) to open the statement. When they click on the statement attachment, Adobe opens and a password is requested. (We establish a password at the time the service is requested.)
(3) We send the reverse side of our "paper" statement -which has the required Reg-E error resolution disclosure- as the last page of the email statement. The Reg DD items are printed on the front of the document based on the account type.
One other item I'd like to find out if you're providing e-statements - is anyone assessing a charge for statement or images? We (probably) won't, but wondered what others may be doing.

[This message has been edited by Phyllis S (edited 07-31-2001).]

Our folks are working on a similar product now.

There will not be an additional cost. In my mind, additional costs should be considered if they come back and request a paper copy even though there are no problems with the e-version. I am told it is common that customers want both.

One of my concerns is that it is estimated that e-mail addresses will turn over at a rate of one-third annually. If you have a large number of accounts that means you'll have someone updating these and attempting re-delivery for the returned statements. Our system does not allow the customer to maintenance their own addresses, though I understand some do.

------------------
Andy Zavoina
Opinions stated are not necessarily that of my employer.

OK John, Andy, and Mary Beth. Bear with me, I'm a little slow in the tech department. Please explain to me what the Commentary is saying here.

So do you think we can we provide the statement behind the log-in or not? Would it have to be further password protected or would the log-in be sufficient to access? If the former, what would as John says, "a proprietary encrypted e-mail perhaps within their Web banking system" look like? Or,

Am I reading you right, Andy, that a bank could (or must) send an email message through regular email channels (and not through the website) with the statement attached, encrypted and password protected?

Thanks in advance for the chalkboard explanation!

[This message has been edited by Ken Holmes (edited 08-01-2001).]

[This message has been edited by Ken Holmes (edited 08-01-2001).]

You can do one of two things, as the rules are now.

1) Send an e-mail, either encrypted or with an encrypted attachment. This provides the disclosure/statement directly to the customer. It has to be on an open system and not on a bank's proprietary system. The latter is common to Internet banking programs but the Feds are afraid consumers will miss things because of inactivity. Remember, the customer will have to have demonstrated the ability to decrypt and read the messages under e-sign and a substantive change could require a re-demonstration.

2) Send a notice through the open system telling the consumer that their disclosure/statement is available and provide the URL they go to to retrieve it. This would likely be your Internet banking Web site that is secured and requires log-on identifications. That would be sufficient for security.

If either of those comes back as undeliverable, you need to use another means for re-delivery. This could be another e-mail address in the open system if you have it, or paper and snail mail.

------------------
Andy Zavoina
Opinions stated are not necessarily that of my employer.

I understand now. Thanks for a clear explanation!

Did I miss something here? What is the October date Andy Z is referring to?

I believe Andy is referring to the Interim Final rules published 03/29/01 for the electronic deliveryof federally mandated disclosures under Regs B, E, M, Z, and DD.

The mandatory compliance date is October 1, 2001.