Federal Deposit
Insurance Corporation

This comment letter is submitted by Visa U.S.A. Inc. ("Visa") in response to the requests for comments pursuant to section 729 of the Gramm-Leach-Bliley Act (the "GLB Act"), which requires the Federal Reserve Board ("FRB"), the Office of the Comptroller of the Currency ("OCC"), the Office of Thrift Supervision ("OTS") and the Federal Deposit Insurance Corporation ("FDIC") (collectively, the "Agencies") to conduct a study of banking regulations regarding the online delivery of financial services and to report to Congress the Agencies' recommendations on adapting existing legislative or regulatory requirements to online banking and lending. To assist in their review of the various financial services regulations, the Agencies issued requests for comments on whether any regulations should be amended or removed in order to facilitate online banking. Visa appreciates the opportunity to comment on this critically important subject.

The Visa Payment System, of which Visa U.S.A.¹ is a part, is the largest consumer payment system in the world, with more volume than all other major payment cards combined. Visa plays a pivotal role in advancing new payment products and technologies to benefit its 21,000 member financial institutions and their millions of cardholders worldwide.

Fostering Electronic Commerce and Online Banking

Foremost, Visa strongly encourages both Congress and the Agencies to take proactive initiatives to foster electronic commerce and online banking. Congress and the Agencies must guard against the tendency to be suspicious of new technologies and new ways of doing business and, in particular, should avoid implementing prophylactic rules in areas where there is little evidence of actual harm. In this regard, the most significant impediment in current Agency rules to online banking and lending is the public e-mail alert and related redelivery requirements under the FRB's interim final rules on electronic communications ("Interim Final Rules").

Section 729 of the GLB Act implicitly recognizes advances in technology, the growth of online commerce, and the enormous potential for improving the efficiency and reducing the cost of delivering financial products and services to bank customers. However, to fully recognize this potential, the existing regulatory structure applicable to these transactions must be made more receptive to the delivery of financial products and services in an online environment.

Visa understands that adapting existing statutes and regulations to the online environment is particularly challenging. It simply is not possible to identify all of the statutory and regulatory requirements that impede the development of online banking. Visa believes the most obvious impediments are express requirements that transactions be conducted on paper. The Electronic Signatures in Global and National Commerce Act ("E-Sign Act") and the FRB's Interim Final Rules represent significant attempts to address these requirements; however, as is discussed more fully below, both efforts themselves unintentionally raise new impediments to online banking transactions.

In addition to these express requirements, there exists a wide range of statutory and regulatory requirements that, while they may not expressly prohibit online transactions, are based on practices that arose in the paper environment. By their very structure, these requirements may effectively mandate the continuation of paper-based practices. Such requirements may effectively preclude the offering of innovative online products or limit the efficiencies that these products can offer. For example, the concept of periodic statements is rooted in the historic practice of banks to advise customers of the status of their accounts at regular intervals when customer access was not otherwise available. In an age where customers may access account information by initiating  contact with the bank electronically at intervals chosen by the customer often daily regulations mandating the delivery of statements on a monthly or other specific periodic basis may artificially and unnecessarily constrain a bank's options for delivering information to its customers.

Requirements rooted in paper-based practices may often be difficult for regulators to identify. Because the limitations are not express, the limitations often are not identifiable by banks until product implementation plans are considered. Once identified, a bank must either accept the regulatory requirement and comply with it, develop a means of working around the requirement, or seek regulatory relief. A bank, however, may be reluctant to seek relief out of concern that it will disclose proprietary product development information. For example, if a bank has a new product that is impeded by a regulatory requirement and the bank petitions the regulator for a change in the regulation, the regulator may put the issue out for comment explaining the context in which the issue arose. Thus, any timing advantage that the bank would otherwise have over its competitors because of its developmental work will almost certainly be lost during the comment period. Similarly, in order to maintain a competitive advantage, many banks will not seek regulatory guidance because they do not wish to call attention to their "work around."

The fact that these requirements often are identified in the development process increases the difficulty in conducting a survey of existing statutory and regulatory requirements that could impede online banking and lending. Impediments will tend to surface and be addressed one-by-one, or a few at a time, making only a limited number of issues visible at any point in time. At the same time, the difficulty in identifying regulatory impediments ahead of time highlights the need to improve the regulatory environment for online banking. Improving the regulatory process would reduce the likelihood that the prospect of costly delays would discourage product development or cause banks to abandon innovative products in the process of development. Furthermore, regulatory hurdles increase the projected cost of launching an innovative product so as to make an already uncertain prospect for return on investment an unacceptable risk.

Although there is no complete solution to this dilemma, Visa believes that Congress and the Agencies can make significant progress in removing impediments to online commerce by addressing the issues identified below. In addition, Congress and the Agencies can undertake proactive initiatives to foster electronic commerce and online banking. For example, the E-Sign Act, the FRB's early efforts to normalize electronic disclosures, and the OCC's recent proposed rule on electronic banking illustrate governmental initiatives that can help to remove barriers to online banking.

At the same time, Congress and the Agencies should carefully guard against the tendency to be suspicious of new technologies and new ways of doing business. It is easy to be concerned about the potential for abuse in market practices that are as yet unidentified. However, the adoption of prophylactic measures to guard against potential abusive practices will inevitably lead to increased compliance costs and the stifling of innovation, the effects of which will be impossible to measure. Where technologies and market practices are evolving, as they currently are for online commerce, the likelihood that well intended prophylactic requirements will prove unnecessary or misdirected is high, as is the likelihood that they will create substantial unintended impediments to innovation. In this context, Visa believes a wait and see approach to the potential problems that may arise from new developments is the most prudent course.

Accordingly, while Congress and the Agencies should work toward removing existing barriers, they also should guard against erecting new ones by limiting regulatory requirements to remedial requirements designed to address identified problems, rather than speculating about potential problems. At the same time, when problems are identified, to the extent feasible, prescriptive "command and control" rules should be avoided in favor of rules establishing general principles, but leaving the method of achieving those principles to the affected entities. For example, Visa believes solutions to problems that harness market forces to solve problems such as by increasing market transparency should be favored over rules listing acceptable or unacceptable practices. Even where transparency is the chosen approach, the ability to achieve transparency through nonregulatory means, including agency studies with broad dissemination of the results or, if that is not practical, through regulatory means that focus on making information available on request, should be considered before resort is made to more costly one-on-one disclosures. Finally, Congress and the Agencies should be receptive to, and be prepared to act quickly on, requests to consider alternatives to existing regulatory strictures, where they are identified as impeding innovation.

Below Visa has provided some examples of regulations or laws that not only impede the delivery of online banking and lending products, but hinder the actual development of such products.

Public E-Mail Requirement Under the FRB's Interim Final Rules

The public e-mail requirement under the FRB's Interim Final Rules states that electronic disclosures may be delivered to a public e-mail address, or made available at a Web site; but if made available at a Web site, the institution must send an alert notice via a public system, such as AOL or Yahoo. And if the e-mail alert is not delivered for any reason, the institution must redeliver the alert electronically or in paper form. In the supplementary information to the Interim Final Rules, the FRB states that e-mail sent via a public system provides consumers with more control of when to review, and for how long to retain account information. This requirement provides one example of the difficulty of identifying regulatory impediments ahead of time. Although many financial institutions recognized that this requirement would be burdensome, they did not fully realize until attempts at implementation were underway the extent of the difficulties presented in complying with this provision of the Interim Final Rules. The alert requirement significantly impedes the operation of established online banking programs and the development of future electronic commerce initiatives in may ways.

First, for many institutions, the public e-mail alert requirement is difficult, if not impossible, to implement and could end the participation of many existing customers in existing online banking programs. Currently, dial-up proprietary systems are used by many consumers who do not have an e-mail address, and yet are able to utilize personal computer banking systems. Furthermore, many institutions do not have public e-mail addresses on file for a majority of their existing customers. These online banking programs were built, and have been operating for years, through proprietary systems, which do not utilize public e-mail addresses. Many consumers are hesitant to provide public e-mail addresses for fear of receiving unsolicited e-mail offers or due to the increased monitoring of work e-mail. While current online banking systems are equipped to communicate electronically with customers through proprietary systems, many would have to significantly modify those systems or resort to paper in order to comply with the public e-mail requirements. As a result, many institutions will be faced with the alternatives of not complying with the Interim Final Rules or discontinuing online banking service for many existing customers.

Second, sending information to a customer's current public e-mail address is problematic. The frequency of e-mail address changes is a major problem? more than twice as many e-mail addresses as postal mailing addresses change each year. Approximately 34% of e-mail addresses, compared to 17% of postal addresses, change each year. And while the U.S. Postal Service attempts to provide mail forwarding, there currently is no similar program for changed e-mail addresses. Not only is it difficult to identify the customer's current e-mail address, but there are more intermediaries for a message to pass through in an open system, and each stop poses the risk that a message will be terminated in error.

Third, the public e-mail alert requirement could adversely impact, if not destroy, many online outreach programs. Many consumers do not have e-mail addresses, but have gained access to online banking through special bank-initiated programs, such as mobile computer programs for customer use, bank lobby computers, grocery store computers, and Web-based ATMs, designed to address the technology divide. Many of these programs would be threatened, or precluded altogether, by the public e-mail requirement.

Fourth, the alert requirement would result in higher costs, fewer benefits, and less convenience for online banking customers. Currently, due to the cost savings that result from communicating via a proprietary system, many institutions have been able to offer online banking free of charge. Communicating through a public system, however, would be more expensive and could preclude many institutions from offering consumers services free of charge.

Also, the alert requirement is inconsistent with the E-Sign Act, which was intended to facilitate and normalize electronic commerce. Under the E-Sign Act, Section 104 (b)(2)(B) expressly prohibits a federal agency from adopting regulations that add to the requirements of the E-Sign provisions. Furthermore, Section 104 (b)(2)(C)(iii) prohibits a federal agency from requiring a specific technology to deliver electronic documents. The alert requirement, however, adds to the requirements of the E-Sign Act by specifying the use of a particular technology, contrary to Section 104 (b)(2)(C)(iii), and also increases the difficulty of complying with the E-Sign Act's reasonable demonstration requirement.

In addition, under the FRB's Interim Final Rules, it is not clear what the disclosure requirements are when a consumer accesses disclosures online in connection with an event, such as instant credit approval. For example, initial disclosures must be provided before the consumer becomes obligated, or before the first purchase, on the account. The Interim Final Rules state that the initial disclosures must appear on the screen, or the institution must provide a non-bypassable link to the disclosures before the consumer becomes obligated on the account. When a consumer has consented to receive and is receiving disclosures in "real time," that is, where the disclosures appear on the screen or a link to the disclosures is provided to the consumer, creditors should have no additional obligation to deliver the disclosures to a consumer's electronic address or make the disclosures available at a Web site for 90 days, and send an alert notice to the consumer's public e-mail address. Any such requirement to send alert notices to a public e-mail address would substantially impede the ability of financial institutions to create such account relationships in an online environment. It is critically important that the FRB clarify that the e-mail alert requirement would not apply where the institution can confirm, or the customer acknowledges, receipt of the communication or disclosure while the customer is interacting with the institution at the institution's proprietary Web site.

Thus, the public e-mail alert and its companion redelivery requirements illustrate the problems that arise when well-intended rules are promulgated to address potential abuses with little evidence that actual harm exists, or that if harm exists, that the rule will cure or address such harm. Instead, the adoption of the alert and redelivery requirements under the Interim Final Rules would significantly impede the delivery of online financial services.

Regulation E (Electronic Fund Transfer Act)

Certain requirements under Regulation E, which implements the Electronic Fund Transfer Act, have impaired the development of many e-commerce initiatives. Many institutions have found that due to the sweeping definitions of "financial institution" and "account," many non-traditional financial products or services fall under the scope of Regulation E. Numerous electronic initiatives, such as stored-value products, account aggregation services, and person-to-person payment services, have been delayed in reaching the consumer market due to the difficulty in, or burden of, complying with some of the requirements under Regulation E.

The following are examples of Regulation E requirements that impede electronic initiatives:

 Section 205.10(b) requires preauthorized electronic fund transfers from a consumer's account to be authorized by a writing that is signed or similarly authenticated by the consumers. In particular, the requirement that an advance notice be sent to customers when transfers vary in amount from the previous transfer, or from a specific preauthorized amount, has caused many institutions to restructure e-commerce products and payment arrangements.

The Rule should be revised to allow institutions the flexibility to debit a consumer's account based on a computable amount or percentage, as opposed to a specific dollar amount or range of dollar amounts, or by reference to the entire balance or the total amount currently due.

Section 205.9 requires an institution to send periodic statements. This requirement encumbers, and in some instances prevents, the development of various electronic products technically falling under the scope of Regulation E, such as stored-value products or person-to-person payment services. The design and nature of many of these products is to act as a substitute for cash, and providing periodic statements is not consistent with the nature of the product. We recommend that proactive measures be taken to foster the development of such products.

Regulation Z (Truth in Lending Act)

As creditors attempt to implement electronic commerce initiatives, such as instant credit, they have struggled to understand how to comply with such paper-based rules in an electronic environment. For example, the FRB recently revised the disclosure requirements for credit and charge card applications and solicitations. The revisions require certain format requirements, such as the annual percentage rate for purchase transactions to be disclosed in a tabular format in 18-point type. It is unclear how creditors can meet this requirement in an electronic environment because they have no control over how disclosures will appear on the consumer's computer screen. Institutions should have no duty to ensure that a consumer views the disclosures in the context of such format and type size requirements.

Regulation P (Title V of the Gramm-Leach-Bliley Act)

Under the GLB Act, required privacy notices may be provided either in writing or electronically. On this point, the final rules implementing the GLB Act vary slightly from the GLB Act itself. Regulation P, which implements the GLB Act, permits privacy notices to be provided in writing or electronically, if the consumer agrees. The Agencies should clarify that the consent provisions of the E-Sign Act are not triggered by providing such privacy notices electronically. The E-Sign Act provides that if a law requires that a record be provided to a consumer in writing, the document may be provided electronically if the consumer affirmatively consents to receive the record electronically and, prior to consenting, the consumer is provided with a detailed list of disclosures as enumerated under the Act. Further, the consumer must either consent or confirm his or her consent in a manner that "reasonably demonstrates" that the consumer can access the information in the electronic form in which it will be provided.

Some confusion has arisen regarding whether institutions are required to comply with the consent provisions contained in the E-Sign Act when providing privacy notices required under the GLB Act. As described above, however, the E-Sign Act consent provisions only apply when institutions are delivering information electronically that is required to be provided "in writing." Because the GLB Act expressly indicates that notices may be provided either in writing or electronically, the consent provisions of the E-Sign Act do not apply. For purposes of clarity and to facilitate online banking activities, Visa strongly urges the Agencies to expressly clarify that electronic notices under the GLB Act are outside the scope of the E-Sign Act consent provisions.

Federal Law v. State Law

The Agencies specifically requested comment on whether there are differences between federal and state laws or regulations that impede the delivery of online financial services, and whether there are particular aspects of conducting online banking and lending activities that could benefit from a single set of legal standards that would be applied uniformly nationwide. The E-Sign Act is the primary federal law applicable to electronic signatures. As noted above, the Act requires that consumers be given detailed disclosures regarding various aspects of communicating electronically before consent is given. However, institutions cannot disregard state laws, such as the Uniform Electronic Transaction Act ("UETA"), which has been adopted in various forms by thirty-eight states. Although UETA has been adopted by many states, a bank's ability to rely on UETA and duty to comply with it is far from clear.

The inherent tension between the E-Sign Act and the UETA is a significant impediment to online banking and lending. Section 102(a) of the E-Sign Act provides limited authority to a state, with respect to its own laws, to modify the E-Sign Act's provisions on the use of electronic records and signatures. States may enact their own electronic writing and signature requirements where the state law is either: (1) an official or "clean" version of the UETA; or (2) provides "alternative procedures or requirements for the use or acceptance" of electronic records or signatures, so long as those alternative procedures or requirements are: (a) "consistent" with the substantive requirements of the E-Sign Act; and (b) neither require nor provide preferred status to the use of a specific technology form or technical specification for electronic records or signatures. Thus, because many states have adopted UETA provisions that vary significantly in their modification of UETA, and that may or may not be preempted by the E-Sign Act, an overly complex legal framework exists for institutions attempting to conduct electronic transactions.

In addition, the Agencies have interpreted the E-Sign Act, and have provided exceptions to the rules. For example, in several of its regulations, the FRB interpreted the E-Sign Act to exclude certain application, solicitation, and advertising disclosures from the consent provisions because such disclosures do not relate to covered transactions. The problem arises, for instance, when a state law requires consumer consent for such disclosures. Typically, consumer protection statutes provide that state law requirements that are inconsistent with federal law are preempted to the extent of the inconsistency. Many states believe that if the state law is more protective then the federal law is not inconsistent and, therefore, the state law is not preempted. Such lack of uniformity, however, will significantly impede the development of online banking and lending. While arguments can be made that such a state law would frustrate the purposes of the federal law, the resulting legal uncertainty hinders the ability of institutions to conduct transactions online.

Geography and Time Considerations

The Agencies specifically requested comments on whether regulatory provisions should be revised to more appropriately govern the location of online banking and lending activities. For example, bank mergers and acquisitions are regulated, in part, by legal standards that have been developed to determine whether a transaction poses anti-competitive consequences in the relevant geographic market for the combination of banking products in question. Visa believes that the Agencies should not attempt to revise regulatory provisions or provide specific guidance defining "location" for Internet transactions. Location designations have broad implications, including the imposition of interest charges on loans made to borrowers that reside in various states, as well as issues regarding Internet taxation. Thus, before any revisions relating to the location of online activities are considered, the Agencies should ensure that they fully understand possible implications of any such revisions.

Weblinking

The Agencies also specifically requested comment on whether weblinking arrangements, allowing consumers to access various products and services at other entity Web sites via a hyperlink, create consumer confusion. Visa believes that weblinking arrangements are typically offered in a manner that is understandable to consumers. For example, most Web sites clearly notify consumers that they are leaving the institution's Web site and being transferred to an external Web site. Furthermore, Web sites ordinarily are branded with the company name to indicate to the consumer that they have arrived at another entity's Web site. Thus, Visa believes that the Agencies should take a "wait and see" approach, and refrain from promulgating rules or issuing guidance setting standards for weblinking arrangements.

Once again, Visa appreciates the opportunity to comment on this very important matter. If you have any questions concerning these comments, or if we may otherwise be of assistance in connection with this matter, please do not hesitate to contact me at (415) 932-2178.

_____________________________________

^{1Visa USA is a membership organization comprised of U.S. financial institutions licensed to use the Visa service marks in connection with payment systems.}

Sincerely,
Russell W. Schrader 
Visa USA
Senior Vice President and
Assistant General Counsel