Auditing and Financial Management:

Bank Regulators' Evaluation of Electronic Signature Systems

GAO-01-129R, Nov 8, 2000

Contact:

Richard J. Hillman
(202) 512-3000
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

This report discusses bank regulators' evaluation of electronic signature systems. Financial institutions use signature systems to verify or authenticate the identity of customers conducting financial and nonfinancial transactions over the Internet and other open electronic networks. Officials at the Office of the Comptroller of the Currency (OCC) and the Federal Reserve told GAO that they are developing an examination strategy for Identrus LLC, which is an entity that provides services to financial institutions to authenticate electronic signatures. OCCofficials have not determined what role they will play in assessing Identrus' operations, but they believe that financial institutions should take an active role in assessing the risks associated with electronic signatures.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendation for Executive Action

    Recommendation: Given that the importance of electronic signature systems is likely to grow, banking regulators need a consistent methodology for assessing the risks and appropriateness of internal controls surrounding such systems. The Chairman, Board of Governors of the Federal Reserve System, and the Comptroller of the Currency, should work through the Federal Financial Institutions Examination Council to develop guidance that includes criteria for evaluating electronic signature systems in order to provide reasonable assurance that electronic signatures generated by the system are valid.

    Agency Affected: Federal Reserve System: Board of Governors

    Status: Closed - Implemented

    Comments: In August 2001, the Federal Financial Institutions Examination Council released the guidance "Authentication in an Electronic Banking Environment" which addresses the verification of new customers and the authentication of existing customers. It applies to both retail and commercial customers and provides criteria for an effective authentication program.