Summary: Internet banking heightens traditional banking risks. GAO's review of 81 examinations found that 44 percent of the depository institutions examined had not completely implemented risk-management steps that regulators said are needed to limit on-line banking risks. Shortcomings included some institutions' lack of approval of strategic plans by their board of directors and a lack of policies and procedures at some institutions for Internet banking operations. However, too few examinations had been done at the time of GAO's review to identify the extent of any industrywide Internet banking-related problems. Regulators attributed the limited number of examinations to a diversion of examiners to deal with the Year 2000 computer problems and to the limited number of examiners with expertise in information systems. GAO found that some regulators could use more systematic methods for identifying institutions' plans for new Internet banking systems and maintaining this information centrally. GAO also found variations in the supervisory approaches the regulators followed to help ensure that institutions mitigate the risks posed by Internet banking. Finally, GAO found that the five regulators are beginning to work together to study third-party firms providing Internet banking support services. This testimony summarizes the July 1999 GAO report, GAO/GGD-99-91.
