About Us | Contact Us
View Cart

Coming Soon: The Branchless Banking Kit!

By Vigilize | Thursday, April 12, 2012 - One Comment

It’s hard to believe almost a year ago Infotex set out on the path to create a new “branchless banking kit” which would include all the IT policy and procedure templates necessary to address a total re-write of the typical “E-banking Policy.” The decision to do this was accompanied by an article in Dan’s New Leaf entitled “Manifesto: Time to Revolutionize our E-banking Policies.” The original article is as follows:

    Manifesto: Time to Revolutionize our E-banking Policies
    I’m in the midst of writing an article about Wireless Banking. I’m actually working two articles: one about the Top Five Risks of Wireless Banking, the other a drill-down on the Compliance Risks of Wireless Banking. In the process, I’m reviewing a few E-banking policies for Clients nice enough to allow my participation in their efforts to mitigate this particular Wireless Banking Compliance Risk.
    As I review the policies before me, having reviewed a few already in my auditing experiences, I recognize a common problem in their structure. You see, we auditors see the same policy almost everywhere we go, and whenever we see proposed updates, they still follow the same old structure. E-banking policies, like many other IT related policies, were all born in the late 1990’s, layering iteration after iteration of modification after modification into a document that already has to be banged into shape by the constraints of many different laws and regulations.
    Thus, I declare this manifesto:
    Re-create a more organic structure. Instead of merging yet another new delivery system into an already hodge-podge policy/procedure document, it’s time to back up and create a policy that more closely conforms to the way technology has evolved, while supporting existing compliance frameworks.
    Policy modifications result from the adoption of new technologies. We are going to continue experiencing new electronic banking delivery channels, and we are not going to be able to predict how they materialize.
    Our existing E-banking policies are iterations of E-banking policies that originated in the 1990’s, prior to on-line banking, to address ATM’s and telephone banking as well as new payment processing technologies such as electronic wire transfers and electronic funds transfers. As new delivery systems, payment processes, and authentication solutions became available, the E-banking policy evolved into a collection of after-thoughts trying to address new technologies as they emerge.
    We should consider rewriting the policy with a new structure, centered around the concept of “Branchless Banking” rather than “E-banking.” The policy would address the three primary asset categories: Payment Processes, Delivery Systems, and Authentication Solutions.
    Branchless Banking Policy

    • Introductory Stuff (Scope, Author, Date, Approval, etc. depending upon institution)
    • Payment Processes
      • Electronic Funds Transfer
      • Electronic Wire Transfer
      • ACH Transactions
      • Billpay
      • Remote Capture Deposit
    • Mobile Payment Processes
      • P2P
      • Scan and Pay
      • Square
      • Paypal
      • Consumer Capture
    • Delivery Systems
      • ATMs, Kiosks
      • Telephone Banking
      • On-line Banking
      • Wireless Banking
    • Authentication Solutions
      • ATM cards.
      • Credit cards.
      • Debit cards.
      • Login Credentials
      • Tokens (Hard and Soft)
      • Cell or Smart Phone
      • GPS Position
    • Concluding Stuff (update schedule, related policies and procedures, distribution list, etc. depending on institution)

    Within each asset, be it a payment process, delivery system, or authentication solution, the following would be addressed as appropriate:

    • Strategy
      • Alignment with Business Strategy
      • Return on Investment Considerations
      • Training Objectives
      • Adoption Strategy (Diffusion Theory)
      • Deployment Objectives
      • Strategic Risk
    • Risk Management
      • Initial Risk Assessment
      • Vendor Due Diligence Requirements
      • Ongoing Risk Management
      • Data Security Objectives
      • Record Retention
      • Legal Risk Mitigation
      • Compliance Risk
    • Applicable Laws
      • BSA / AML
      • CTF
      • ADA
      • EFT Act (see Reg E below)
      • E-Sign Act
      • FACTA (and the Red Flags Rule)
      • GLBA
      • OFAC
      • UCC Article 4A
      • US Patriot Act (CIP and KYC)
      • ______________________ Next Law Here
    • Applicable Regulations
      • Regulation B, Equal Credit Opportunity
      • Regulation CC, Availability of Funds and Collection of Checks
      • Regulation DD, Truth in Savings
      • Regulation E, Electronic Fund Transfers
      • Regulation M, Consumer Leasing
      • Regulation Z, Truth in Lending
      • ______________________Next Regulation Here
    With this new approach in structuring the policy, as new technologies emerge, new policies can be added without organically ruining existing policies. Meanwhile, these must be high-level policies that establish guidance for the creation of procedures and the creation/acquisition of tools. The Branchless Banking Policy must document POLICY statements rather than procedures or inventories. It must establish goals, objectives, and strategy directives. The actual procedures, tools, and tactics will be documented in separate documents.
    This would be a bit of a revolution, but it has happened before. I see the Branchless Banking Policy Revolution as being similar to the day when we finally put our foot down and insisted on one stand-alone Acceptable Use Policy!

We’re almost there! Look for the new Branchless Banking Kit in the next 30 days or so!

One Response to “Coming Soon: The Branchless Banking Kit!”

Comment from Diana Timberlake
Time 07/08/2013 at 7:54 am

I need to redo our Remote Deposit Capture policy. Do you have any sample policies available? I am looking for what is required to be in the policy. I attended your seminar with Michelle Sloan at IBA on June 6. Thanks in advance for any help you can provide.

Latest News
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Check out posters.infotex.com for the whole collection! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around […]
    The joint cybersecurity advisory includes the 15 most exploited vulnerabilities reported in 2021… An article review.  While a lot of attention is focused on previously undisclosed or “zero day” attacks, some of the most likely attack vectors are vulnerabilities that have been widely known for weeks or even months.  That’s according to a new joint […]
    Threats are changing, EDR can help us adapt . . . Today’s advanced persistent threat (APT) understands that the IT landscape has changed. In the post-COVID age, more and more organizations have adopted some form of work from home.  While WFH offers many conveniences, it also imparts increased risks. BitSight conducted a 2021 study of […]
    The Five Precepts of IT Vendor Management Webinar-Movie We’re going back to basics on Vendor Management. This webinar will give you a training tool to help out that new person that is starting to take on the gargantuan task that is Vendor Management.
    A new way of helping people “read” new guidance… Look for more in the future! To save you time, we are proud to present “Adam Reads” . . . recorded versions of our Guidance Summaries! Below you can find an embedded player for the audio file. If you are having issues with that working, you […]
    You think you’ve finally found stability in your to-do list. Your goals are set, and you’re even making great progress on them all. Audit findings: all addressed. Management requests: Under control. Heck, you might even be able to leave the office five minutes early at least once this year. Then BAM! A press release from […]
    Software Bill of Materials (SBOMs) are becoming more and more important. . . We are all very familiar with one aspect of the software supply chain – updates.  New features, bug fixes, and performance upgrades are a regular occurrence to any device’s lifecycle, however what if these kinds of updates also include deliberately malicious code? […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Check out posters.infotex.com for the whole collection! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around […]
    According to a new survey, more organizations than ever are reporting problems with cybersecurity staffing… An article review. While pandemic related mandates and restrictions are gradually being lifted across the country, many organizations are still feeling the effects in one important area: staffing.  That’s according to ISACA’s annual State of Cybersecurity survey, which asked over […]
    Understanding Banking Trojans… Another Technical Article by Tanvee Dhir! What are Banking Trojans? A trojan is a malicious program that masquerades as a genuine one. They are often designed to steal sensitive information from users (login passwords, account numbers, financial information, credit card information, etc.). A banking trojan is a malicious computer program designed to […]