The Federal Financial Institutions Examination Council has issued the attached guidance, "Risk Management of Remote Deposit Capture," to assist financial institutions in identifying risks in their remote deposit capture (RDC) systems and evaluating the adequacy of controls and applicable risk management practices. The guidance addresses the necessary elements of an RDC risk management process - risk identification, assessment, and mitigation - and the measurement and monitoring of residual risk exposure. The guidance also discusses the responsibilities of the board of directors and senior management in overseeing the development, implementation, and ongoing operation of RDC.
Remote deposit capture, a deposit transaction delivery system, allows financial institution customers to deposit items electronically from remote locations. The primary RDC delivery method is the Internet.
A financial institution offering RDC should have in place sound risk management and mitigation systems and require adequate risk management at customer locations including, but not limited to, controls over retained nonpublic personal information.
Financial institutions whose RDC systems use the Internet as a communication channel should use effective methods to authenticate the identity of customers using those services. Single-factor authentication methods may not provide sufficient protection for Internet-based financial services.
Customer awareness of RDC systems and education about associated RDC risks are effective deterrents to the online theft of assets and sensitive information.
FDIC-Supervised Banks (Commercial and Savings)