Enhancing Federal Oversight of Internet Banking Activities
T-GGD-99-152: Published: Aug 3, 1999. Publicly Released: Aug 3, 1999.
Pursuant to a congressional request, GAO discussed the regulatory efforts to identify and mitigate risks to U.S. depository institutions' operations introduced by the growth in the use of Internet banking systems, focusing on: (1) the risks posed by Internet banking and the extent of any industrywide Internet banking problems; (2) how the five U.S. financial regulators track institutions' plans to provide Internet banking services; (3) how regulators have begun to examine Internet banking activities; and (4) the extent to which regulators have examined firms providing Internet banking support services to institutions.
GAO noted that: (1) Internet banking heightens various types of traditional banking risks and GAO's review of 81 examinations showed that roughly 44 percent of the depository institutions examined had not completely implemented risk-management steps that regulators said are needed to limit on-line banking risks; (2) shortcomings included some institutions' lack of approval of strategic plans by their board of directors and a lack of policies and procedures at some institutions for Internet banking operations; (3) however, too few examinations had been conducted at the time of the review to identify the extent of any industrywide Internet banking-related problems; (4) regulators attributed their limited number of examinations to a diversion of examiners to higher-priority efforts to address the year 2000 computer problems and to their limited number of examiners with expertise in information systems; (5) GAO's work found that some regulators could use more systematic methods for identifying institutions' plans for new Internet banking systems and maintaining this information centrally; (6) GAO found that regulators use a variety of methods to identify depository institutions that already offer Internet banking services, but that only two of the regulators centrally collected information on plans for new services; (7) GAO found that regulators could benefit from adopting systems to keep abreast of institutions' plans for new Internet banking services and to allow them to proactively oversee this new and evolving banking activity; (8) GAO found variations in the supervisory approaches regulators followed to help ensure that institutions mitigate the risks posed by Internet banking; (9) GAO found that the Federal Deposit Insurance Corporation (FDIC) has completed the most examinations of on-line banking operations, and that the Office of Thrift Supervision and FDIC have been actively issuing policies and procedures for Internet banking examinations; (10) in contrast, the National Credit Union Administration (NCUA) had not conducted any Internet banking examinations at the time of GAO's fieldwork and was the only regulator that had not developed procedures for Internet banking examinations; (11) five regulators are beginning to work cooperatively to carry out a study of third-party firms providing Internet banking support services; and (12) although NCUA is part of the joint study, GAO is concerned that third-party firms providing services solely to credit unions are not being reviewed.