Do I have to perform a Risk Assessment on all of my electronic delivery channels?

The Guidance and the FAQ's are not explicitly clear on whether or not you "have" to perform a risk assessment on delivery channels other than online banking. However, once you have determined your risk assessment methodology you should be in a good position to include these. We believe that it is in your best interest to examine all electronic delivery channels, applying consistent analysis across the board. This does not necessarily mean that you will have to implement additional security measures to other channels, given that telephone banking, call centers and ATM networks generally have higher security measures already in place.