We have attached sample remote deposit capture policies that we pulled from the ABA’s online compliance forum — we could not locate any policies that covered mobile banking in general. While we did not write these policies and cannot vouch for their accuracy, they may be helpful as a starting place for writing your own institution’s policy. With that said, we strongly recommend creating an individualized policy for your bank that reflects your mobile banking processes and your institution’s risks, as we discuss below.
The federal banking agencies have released plenty of guidance on mobile banking, remote deposit capture, and related issues, which we link to below. As an example, the FFIEC’s Risk Management of Remote Deposit Capture provides an excellent overview of the legal, compliance, and operational risks involved in remote deposit capture (RDC) (a term that includes payments via mobile phone). As stated in the guidance, “[r]isks may differ if the institution uses image exchange for a portion of the process or elects to use the ACH network throughout,” and different risks apply depending on whether you use a third-party service provider for some or all of your mobile banking services. For those reasons, your policy must reflect your institution’s mobile banking program (taking into account image exchange versus ACH network transactions, third party vendor risks, etc.).
The FFIEC guidance also includes some specific statements about developing mobile banking policies and procedures:
- Page 2: An institution’s board or management should approve RDC policies and procedures
- Page 4: Policies and procedures should include risk mitigation and controls (which, as noted on page 5, could include risk tolerance levels, internal procedures and controls, risk transfer mechanisms where appropriate and available, and well-designed contracts that meet the institution’s risk management needs)
- Pages 5–8: Some areas you may want to cover in a mobile banking policy include customer due diligence, vendor due diligence, customer training on RDC, contracts and agreements, and business continuity
There are many other resources from the federal banking agencies that you may want to examine as well:
Interagency/Federal Financial Institutions Examination Council (FFIEC)
- (as noted above) Risk Management of Remote Deposit Capture (January 14, 2009 ) (PDF)
- Guidelines Establishing Information Security Standards (OCC, FRB, FDIC)
- Authentication in an Internet Banking Environment (2005) (PDF)
Federal Deposit Insurance Corporation (FDIC)
- FDIC Supervisory Insights, Winter 2012: Mobile Payments: An Evolving Landscape
- FDIC Supervisory Insights, Winter 2011: Mobile Banking: Rewards and Risks
- FDIC Supervisory Insights, Summer 2009: Remote Deposit Capture: A Primer
Federal Reserve Board (FRB)
- Report: Consumers and Mobile Financial Services (March 2012)
- FRB Boston:
- Mobile Payments Industry Workgroup
- Payment Strategies Publications and Presentations:
- U.S. Mobile Payments Landscape — Two Years Later (May 2013)
- Evolving Mobile Payments Landscape (PDF Presentation) (May 2013)
- Mobile Phone Technology: “Smarter Than We Thought” (November 2012)
- Mobile Payments & Technology Landscape (PDF Presentation) (September 2012)
- The U.S. Regulatory Landscape for Mobile Payments (July 2012)
- Opportunities and Challenges to Broad Acceptance of Mobile Payments in the United States (July 2012)
- Evolving Mobile Landscape Challenges and Opportunities (PDF Presentation) (June 2012)
- Guiding Principles for Next Generation Mobile Payments (PDF Presentation) (May 2012)
- P2P: The FI Perspective (PDF Presentation) (April 2012)
- Mobile Payments in the United States: Mapping Out the Road Ahead (March 2011)
- Mobile Payments in the United States at Retail Point of Sale: Current Market and Future Prospects (May 2010)
- Mobile Payments Industry Roundtable Summary (January 2010)
- Mobile Phone: The New Way to Pay? (February 2007)
- RB New York: Understanding Risk Management in Emerging Retail Payments (PDF)
- (Summary), Federal Reserve Bank of New York Economic Policy Review (September 2008)