The OGO Blog

FFIEC IT HandBook – E-Banking Part 2

cloud security, disaster recovery, business impact analysis, bia, dr

hIf you’ve followed our blogs lately, you may have noticed our focus has been on providing educational material to help you as a Credit Union leader mitigate the risks you encounter. E-banking (online banking) is a necessary delivery channel that your members have come to expect. Providing the service does not come without risks however.  The FFIEC IT Handbook – E-Banking section is not only an authoritative guide for assessing the risks of E-banking but also an excellent guideline for mitigation as well.

In order to mitigate the risks of E-Banking, you must be able to identify them. Specifically, E-Banking risks can be categorized as:

As a Credit Union leader you’ve seen these categories time after time, however – this time around, consider the E-Banking service you are providing and assess your risks.


  • Transactional Risks – Online banking is not new so for the most part, if you’ve secured your service through a well-known provider, transactional risk should not be a huge issue for your Credit Union. The key is to perform the due diligence on the provider, insisting their operational procedures and internal controls meet or exceed your own. The FFIEC also warns of the complexity involved in providing a 365 day a year, 24 hours day solution. The Credit Union must ensure it has the resources (technologically and personnel) to support that level of service.
  • Credit Risk – As stated in the handbook, your Credit Union’s credit risk is generally not increase simply because you offer loan origination through an e-banking channel.  FFIEC does however give caution that is the overall process (defined below) is not managed properly via internal controls, procedures and policies – that credit risk could increase.
  • Verifying the customer’s identity for on-line credit applications and executing an enforceable contract;
  • Monitoring and controlling the growth, pricing, underwriting standards, and ongoing credit quality of loans originated through e-banking channels;
  • Monitoring and oversight of third-parties doing business as agents or on behalf of the financial institution (for example, an Internet loan origination site or electronic payments processor);
  • Valuing collateral and perfecting liens over a potentially wider geographic area;
  • Collecting loans from individuals over a potentially wider geographic area; and
  • Monitoring any increased volume of, and possible concentration in, out-of-area lending.
  • Liquidity, Interest Rate, Price/Market RisksThis section is best for your CFO/CEO to read and digest. Review carefully to gain a full understanding of the risks.
  • Compliance/Legal RiskCredit unions that offer e-banking services assume a higher level of compliance risk because of the changing nature of the technology, the speed at which errors can be replicated, and the frequency of regulatory changes to address e-banking issues. The potential for even more violations is further heightened by the need to ensure consistency between paper and electronic advertisements, disclosures, and notices. The full list of applicable regulations are located here.
  • Strategic Risk – Your board should have a high level understanding of your E-Banking activities and risks. Balancing the need of your members with the cost of innovation is a decision only your board can address. Are you an early adopter? If so, understand the risks are higher and often the costs incurred are higher as well. On the other hand, if you  are slow to adopt E-Banking (and it’s evolving platforms), you risk losing your members to institutions more fully engaged with the technologies. Normal ROI evidence should be presented to the board and carefully (deliberate) implementation plans developed.
  • Reputational Risk – Unauthorized access is your worst enemy here. One breach can undo ten years of membership gain and destroy trust. Protect this asset as if it were your core, if not more so. Poor service can also undermine your E-Banking reputationslow connectivity, inconvenient maintenance windows and lack of helpdesk type support are all high in the “red zone” warning flag for consumers. 

Related Content:

Credit Union Compliance and Credit Union Risk Management

Top Components to Look for Online Banking Hosting

How Important Is Online Banking in Credit Union Disaster Recovery?

Top 10 Credit Union BIA Business Process

Have Questions? Contact Us: