FDIC Financial Institution Letter FIL-4-2009 concerning risk management of remote deposit capture:
http://www.fdic.gov/news/news/financial/2009/fil09004.htmlBelow is a suggested Action Plan:
Any institution that is planning on implementing or has already implemented Remote Deposit Capture would:
-Conduct a risk assessment to identify and risk-rate each type of threat and risk exposure relating to RDC activities, determine the existing controls currently in place, and determine which high risk activities require additional mitigation;
-Ensure that contracts and agreements are comprehensive and sufficiently identify roles, responsibilities, and liabilities of each party to effectively minimize compliance and legal risks;
-Implement appropriate policies to establish procedures and controls to help mitigate risks associated with RDC;
-Conduct customer due diligence procedures to determine suitability for new and existing customers requesting to use the institution’s RDC delivery system;
-Develop a training program to provide initial and on-going training to RDC customers;
-Address the recovery and resumption of RDC operations within the institution’s business continuity plan;
-Consider RDC when updating the business impact analysis and include RDC in the testing strategy; and
-Develop a process for monitoring RDC operations and customer activity through reports, reviews, and periodic risk assessments.