Coming Soon: The Branchless Banking Kit!

By Vigilize | Thursday, April 12, 2012 - One Comment

It’s hard to believe almost a year ago Infotex set out on the path to create a new “branchless banking kit” which would include all the IT policy and procedure templates necessary to address a total re-write of the typical “E-banking Policy.” The decision to do this was accompanied by an article in Dan’s New Leaf entitled “Manifesto: Time to Revolutionize our E-banking Policies.” The original article is as follows:

    Manifesto: Time to Revolutionize our E-banking Policies
    I’m in the midst of writing an article about Wireless Banking. I’m actually working two articles: one about the Top Five Risks of Wireless Banking, the other a drill-down on the Compliance Risks of Wireless Banking. In the process, I’m reviewing a few E-banking policies for Clients nice enough to allow my participation in their efforts to mitigate this particular Wireless Banking Compliance Risk.
    As I review the policies before me, having reviewed a few already in my auditing experiences, I recognize a common problem in their structure. You see, we auditors see the same policy almost everywhere we go, and whenever we see proposed updates, they still follow the same old structure. E-banking policies, like many other IT related policies, were all born in the late 1990’s, layering iteration after iteration of modification after modification into a document that already has to be banged into shape by the constraints of many different laws and regulations.
    Thus, I declare this manifesto:
    Re-create a more organic structure. Instead of merging yet another new delivery system into an already hodge-podge policy/procedure document, it’s time to back up and create a policy that more closely conforms to the way technology has evolved, while supporting existing compliance frameworks.
    Policy modifications result from the adoption of new technologies. We are going to continue experiencing new electronic banking delivery channels, and we are not going to be able to predict how they materialize.
    Our existing E-banking policies are iterations of E-banking policies that originated in the 1990’s, prior to on-line banking, to address ATM’s and telephone banking as well as new payment processing technologies such as electronic wire transfers and electronic funds transfers. As new delivery systems, payment processes, and authentication solutions became available, the E-banking policy evolved into a collection of after-thoughts trying to address new technologies as they emerge.
    We should consider rewriting the policy with a new structure, centered around the concept of “Branchless Banking” rather than “E-banking.” The policy would address the three primary asset categories: Payment Processes, Delivery Systems, and Authentication Solutions.
    Branchless Banking Policy

    • Introductory Stuff (Scope, Author, Date, Approval, etc. depending upon institution)
    • Payment Processes
      • Electronic Funds Transfer
      • Electronic Wire Transfer
      • ACH Transactions
      • Billpay
      • Remote Capture Deposit
    • Mobile Payment Processes
      • P2P
      • Scan and Pay
      • Square
      • Paypal
      • Consumer Capture
    • Delivery Systems
      • ATMs, Kiosks
      • Telephone Banking
      • On-line Banking
      • Wireless Banking
    • Authentication Solutions
      • ATM cards
      • Credit cards
      • Debit cards
      • Login Credentials
      • Tokens (Hard and Soft)
      • Cell or Smart Phone
      • GPS Position
    • Concluding Stuff (update schedule, related policies and procedures, distribution list, etc. depending on institution)

    Within each asset, be it a payment process, delivery system, or authentication solution, the following would be addressed as appropriate:

    • Strategy
      • Alignment with Business Strategy
      • Return on Investment Considerations
      • Training Objectives
      • Adoption Strategy (Diffusion Theory)
      • Deployment Objectives
      • Strategic Risk
    • Risk Management
      • Initial Risk Assessment
      • Vendor Due Diligence Requirements
      • Ongoing Risk Management
      • Data Security Objectives
      • Record Retention
      • Legal Risk Mitigation
      • Compliance Risk
    • Applicable Laws
      • BSA / AML
      • CTF
      • ADA
      • EFT Act (see Reg E below)
      • E-Sign Act
      • FACTA (and the Red Flags Rule)
      • GLBA
      • OFAC
      • UCC Article 4A
      • US Patriot Act (CIP and KYC)
      • ______________________ Next Law Here
    • Applicable Regulations
      • Regulation B, Equal Credit Opportunity
      • Regulation CC, Availability of Funds and Collection of Checks
      • Regulation DD, Truth in Savings
      • Regulation E, Electronic Fund Transfers
      • Regulation M, Consumer Leasing
      • Regulation Z, Truth in Lending
      • ______________________Next Regulation Here
    With this new approach in structuring the policy, as new technologies emerge, new policies can be added without organically ruining existing policies. Meanwhile, these must be high-level policies that establish guidance for the creation of procedures and the creation/acquisition of tools. The Branchless Banking Policy must document POLICY statements rather than procedures or inventories. It must establish goals, objectives, and strategy directives. The actual procedures, tools, and tactics will be documented in separate documents.
    This would be a bit of a revolution, but it has happened before. I see the Branchless Banking Policy Revolution as being similar to the day when we finally put our foot down and insisted on one stand-alone Acceptable Use Policy!

We’re almost there! Look for the new Branchless Banking Kit in the next 30 days or so!

One Response to “Coming Soon: The Branchless Banking Kit!”

Comment from Diana Timberlake
Time 07/08/2013 at 7:54 am

I need to redo our Remote Deposit Capture policy. Do you have any sample policies available? I am looking for what is required to be in the policy. I attended your seminar with Michelle Sloan at IBA on June 6. Thanks in advance for any help you can provide.
