skip to main navigation skip to secondary navigation skip to content
Board of Governors of the Federal Reserve System
skip to content
Board of Governors of the Federal Reserve System

Supervision and Regulation Letters

SR 09-2

FFIEC Guidance Addressing Risk Management of Remote Deposit Capture Activities

January 14, 2009

Seal of the Board of Governors of the Federal Reserve System
BOARD OF GOVERNORS
OF THE
FEDERAL RESERVE SYSTEM
WASHINGTON, D. C.  20551
DIVISION OF BANKING
SUPERVISION AND REGULATION
SR 09-2
January 14, 2009
TO THE OFFICER IN CHARGE OF SUPERVISION AND APPROPRIATE SUPERVISORY AND EXAMINATION STAFF AT EACH FEDERAL RESERVE BANK AND TO STATE-MEMBER BANKING ORGANIZATIONS SUPERVISED BY THE FEDERAL RESERVE
SUBJECT:   FFIEC Guidance Addressing Risk Management of Remote Deposit Capture Activities

The Federal Financial Institutions Examination Council (FFIEC) member agencies issued guidance today for use by financial institutions, technology service providers, and examiners to identify risks in financial institutions’ remote deposit capture (RDC) systems and to evaluate the adequacy of associated controls and applicable risk management practices.1

RDC is a delivery system that enables financial institution customers to initiate deposits in digital format at customers’ locations and, in most instances, eliminates the requirement to physically deliver deposited items to the financial institution. RDC systems have the potential to decrease processing costs, support new and existing banking products, and accelerate customer funds availability. However, RDC also introduces new risks and increases existing risks inherent in traditional deposit processing, including legal, compliance, reputational, and operational risks.

Financial institutions that have implemented RDC or are considering doing so should use sound risk management processes, including risk identification, assessment, and mitigation, as well as measuring and monitoring residual risk exposure. As noted in the attached interagency guidance, an effective risk management program includes:

  • Sound risk management and mitigation processes at the financial institution and at customer locations;
  • An initial assessment, and periodic assessments thereafter, to identify the types and levels of risk exposure presented by RDC implementation;
  • Comprehensive customer contracts and agreements that clearly identify roles, responsibilities, and liabilities of all parties in the RDC process;
  • Appropriate technology and process controls at both the institution and customer locations to address operational risk; and
  • Effective risk measurement and monitoring by the institution.

Federal Reserve Banks are asked to distribute this letter to financial institutions supervised by the Federal Reserve in their districts, as well as to their own supervisory and examination staff. If you have any questions, please contact Mary Frances Monroe, Manager, Supervisory Policy and Guidance, at (202) 452-5231, or Kenneth Fulton, Supervisory Financial Analyst, Operational and IT Risk, at (202) 452-2314. In addition, questions may be sent via the Board’s public website.2

signed by
Roger T. Cole
Director
 
Notes:
  1. The interagency press release, “Federal Financial Regulators Release Guidance on Risk Management of Remote Deposit Capture,” is available on the FFIEC website at http://www.ffiec.gov/.  Return to text
  2. See http://www.federalreserve.gov/feedback.cfm.  Return to text
Last update: February 1, 2011