IBA Compliance Connection

Your go to source for compliance!

We have added a “device bar” at our main branch with Android and Apple devices that customers can use to access internet banking and sign up for mobile banking. Our wifi network is password-only, which we do not give out to our customers. Through the devices, customers have access to our wifi network, but they can access only our website and a few other specific sites, such as a mortgage calculator website. Do we need to provide any disclosures regarding our wifi network?

Aug 31, 2017

—

No, you are not required to provide specific disclosures, although certain disclosures and policies may be prudent. For example, your bank may wish to require guests to agree to a “wifi acceptable use” policy; we have provided two examples of such policies below.

In addition, we note that providing your customers access to a limited number of third-party websites may be considered analogous to “weblinking.” The term “weblinking” generally refers to the process of including a link on your bank’s website to another website run by a third party. Interagency guidance on weblinking recommends that banks clearly and conspicuously explain their limited role and responsibility with respect to products and services offered through linked third-party websites. The interagency disclosure recommendations for weblinking do not apply, however, if the third-party website offers services on behalf of your bank. Consequently, depending on whether the third-party websites provide services on your behalf, you also may wish to include the recommended weblinking disclosure within your acceptable use policy or separately on the home screen of your devices.

For resources related to our guidance, please see:

Sample Wireless Internet Acceptable Use Policies: Community Choice Credit Union Guest Wireless Internet Access and Franklin & Marshall College Guest WiFi Acceptable Use Policy.

Interagency Guidance on Weblinking (April 23, 2003) (“Financial institutions should use clear and conspicuous webpage disclosures to explain their limited role and responsibility with respect to products and services offered through linked third-party websites. The level of detail of the disclosure and its prominence should be appropriate to the harm that may ensue from customer confusion inherent in a particular link. The institution might post a disclosure stating it does not provide, and is not responsible for, the product, service, or overall website content available at a third-party site. It might also advise the customer that its privacy [policies] do not apply to linked websites and that a viewer should consult the privacy disclosures on that site for further information. . . .”)

Interagency Guidance on Weblinking (April 23, 2003) (Footnote 3: “This guidance applies to links to third parties that offer products, services, or information directly to financial institution customers. It does not apply to operational links from a financial institution’s website to a third party service provider that is providing services on behalf of the financial institution, e.g., a link to the institution’s Internet banking service provider.”)