skip to navigation
skip to content

Financial Outsourcing Solutions

Compliance-Inside-Header.jpg

FOS Blog

02 Aug
2019

Be Careful with That Online Account Opening!

Be Careful with That Online Account Opening!

A year ago on May 24, 2018, EGRRCPA Section 213 authorized “Making Online Banking Initiation Legal and Easy” (MOBILE).  The intent was to make online account opening easier and was effective immediately upon enactment.  It allowed an institution to use an image of a driver’s license to open online accounts.  What a boom for banks!  But some snags have been noted.

First, it only permits state issued drivers’ licenses or personal identification card to be used.  If your CIP (Customer Identification Program) allows for other government-issued identification, beware!  It’s not allowed in this circumstance.  So, if you’re a government employee or a military servicemember and that’s your only ID, you’re out of luck!

It allows that ID to be “scanned” – using a device or software to decipher, in an electronically readable format, personal information displayed on or electronically encoded on a driver’s license or personal identification card.  That means I can photograph my ID and email it to the institution.  What kind of security of your nonpublic personal information is provided during transmission?

Once the scan is received, the institution must record and retain the relevant information. The information can be used to verify authenticity of the driver’s license and identity of the individual but then the image must be deleted. How do you assure permanent deletion from your electronic “deleted” files?  And what about CIP record retention? Does that mean I can’t keep the image on file for at least 5 years as required by BSA? If your bank requires retention of the identifying document, you’re out of luck for online account opening or your BSA Policy needs a revision.  Doesn’t that defeat the purpose?

So, before you run to adopt this technology, you’d better check your information security and BSA/CIP policies to be able to support that statement in your Privacy Notice that you have physical and procedural safeguards to protect nonpublic personal information.

For additional information contact the author at edehmey@fosaudit.com.

Related posts:

  1. Interagency Prepaid Card Guidance
  2. EMV and the Bank
  3. ECCHO, ECK, ECI – What the “E” is happening with electronic check processing?
  4. Dormant Account Fraud – The Importance of Proper Monitoring

|