Current Developments in Monetary and Financial Law, Vol. 3

CHAPTER 35 Electronic Banking: New Developments and Regulatory Risks

International Monetary Fund
Published Date:
April 2005
  • ShareShare
Show Summary Details

Wells Fargo is one of the leading American banks in the area of Internet and electronic banking. In the first quarter of 2002, its Business Internet Services group reached the milestone of 300,000 small-business customers online, and it received national recognition for the best website for small businesses in North America. Wells Fargo was one of the first banks to help businesses securely accept credit card payments online. It was also early in offering web development and hosting services to small businesses.

Wells Fargo was the first to offer banking over the World Wide Web, in May 1995. As of the end of 2001, Wells Fargo had approximately 2.3 million online banking customers, or 23 percent of its total checking account customers. About 100,000 new customers enroll in the Online Banking service each month. The Commercial Electronic Office business portal allows mid-sized and large companies to securely place transactions, access information, and receive service online for their credit, cash management, electronic payment, foreign exchange, trust, and investment needs.

As assistant general counsel for regulation and technology at Wells Fargo, I am in an interesting position at the intersection of two very different areas of legal practice, and two very different risk environments. Regulatory lawyers are usually thought of as needing to be cautious and conservative, while technology lawyers are asked to be creative and to help their clients turn business plans written on backs of envelopes into reality.

In the work that I and the lawyers in my group do, there is a continual need to balance safety and soundness concerns and complex banking regulations against the risks that our creative business thinkers want to take. The last several years have been particularly challenging, as Wells Fargo has worked hard to deliver a greater number of traditional banking products and services through the Internet, while at the same time offering products and services that did not exist 10 or even 5 years ago. Many of these new products and services, such as online bill payments, online account aggregation, and the use of digital signatures for customer authentication, could not exist but for advances in technology.

Many of these new initiatives have forced our lawyers to go back to basics and apply fundamental principles of law in the new environment of electronic commerce. We have discovered that other highly specialized areas of law, notably intellectual property law, can have a significant effect on the business decisions of banking organizations and must be incorporated into the risk management process. Banking, as it turns out, is mostly about information, and our technology law practice is increasingly focused on all those areas of law that relate to the regulation and protection of information.

I would like to address three areas of law that have had, or promise to have, a particularly important impact on the electronic banking business of Wells Fargo and that create risks that encompass a number of risk categories that bank supervisory agencies are familiar with. These are privacy, intellectual property law, and laws relating to electronic signatures and electronic records—the latter laws being aspects of the law of contracts and the law of evidence.

Privacy is a large and complex topic encompassing a number of different subtopics. Privacy in its many dimensions—which include information security, consumer marketing preferences, and information sharing with affiliated and nonaffiliated companies—is one of the most significant challenges facing the American financial services industry today. It is a particular challenge to organizations that are especially advanced in electronic banking, since technology permits the ready gathering and analysis of vast quantities of information about individuals and their financial transactions. Indeed, it seems obvious that the advent of Internet banking and the fears about the misuse of personal data gathered by businesses online have strongly fueled the present privacy debate.

Privacy and its various aspects represent a significant reputation risk to banking organizations and increasingly also a compliance risk as greater numbers of privacy-related laws are passed at the federal and state level in the United States to allay public fears. Most large financial services organizations in the United States have now named chief privacy officers in an effort to manage this risk. But privacy is a complex topic, and banking supervisors must take care not to become part of the problem by overreacting to what in many cases is simply public confusion about how data are used and a lack of appreciation about the value of the relatively free exchange of data in an information-based economy. While concerns about identity theft and intrusive marketing are legitimate, excessive restrictions on the gathering and use of information about banking organization customers, particularly within the same organization, run the risk of stifling the promise of electronic banking by imposing significant additional costs on data management. A careful balance must be struck between honoring individuals’ interest in controlling the use of information about their financial transactions or their financial status that a bank may have collected, and the bank’s interest in providing good customer service and in making known to customers other products and services the bank would like to provide. Whether legislatures or banking supervisors are capable of making that balance through the blunt instruments of laws and regulations remains to be seen.

I would suggest that a market-based approach with the requirement for full disclosure of a company’s information practices, and then letting customers decide whether they want to do business with that company, may be preferable to trying to legislate the flow of information. In an information-based economy and given the power of modern technology, information wants to be free, and it is very difficult to write—and even harder to enforce—rules about information use without creating significant unintended consequences.

Walter Wriston, former chair and chief executive officer of Citicorp, once wrote, “Information about money has become as important as money itself.” Since banking these days is largely the management of information, it stands to reason that eventually banking lawyers would need to understand how laws protecting the property value of information—that is, intellectual property laws—can affect the banking business. In Wells Fargo’s case, we devote considerable energy to the protection of our well-recognized corporate name and its associated corporate logo, together with the Wells Fargo stagecoach image that is recognized worldwide. In the world of Internet commerce—with its low entry barriers and avalanche of product and service providers—a recognizable brand is of great value. We have registered the Wells Fargo name under the trademark laws of nearly 100 countries. The advent of the Internet has created a new practice area for our trademark lawyers, namely, actions against “cybersquatters”—those individuals or companies who use Internet website addresses that are deceptively similar to Wells Fargo’s own website address. Taking such action is obviously important to protect not only against risks to Wells Fargo’s reputation, but also to eliminate opportunities for fraud if customers think they are doing business on the Internet with Wells Fargo.

Another emerging risk in the area of intellectual property law has to do with the concept of “business method patents.” Under American law, it has been possible to obtain a patent on automated business data processing methods, which have become more important as more business is done electronically. Although not an entirely new concept under patent law, there is increasing awareness in the financial services industry of the significance of business method patents, and they are increasingly being used by competitors to gain strategic advantages. Numerous business method patents have been issued that affect electronic commerce and payment systems. Consideration of patent issues will play an ever-greater role in the development by banking organizations of new data processing and management techniques. Banks must be concerned not only about whether they are infringing the patents of others, but also about whether they should protect processes they may have invented themselves. Banks may be able to derive value from patenting and licensing technologies on business processes they may have developed themselves. Organizationally, this requires a company-wide effort and coordination among different business groups through a patent committee or other mechanism.

These are difficult issues for most banks, since bankers do not often think of themselves as inventors and are surprised to learn that patent rights granted to others may stand in the way of development of new services. Here too, there needs to be a balance between society’s interest in encouraging and protecting inventors and the relatively unregulated use of ideas to make economic transactions more efficient. This is an area that banking supervisors may wish to learn more about. Failure to recognize patent rights of others, or to appropriately protect one’s own inventions, may expose banking organizations to litigation and strategic risks, especially in the specialized domains of electronic commerce and Internet banking.

A third significant area where regulation and technology intersect in our internal legal work is that of electronic signatures and electronic records. Given present trends in technology and electronic commerce, it seems obvious that sometime between now and 100 years from now, a significant percentage of banking and other business transactions will take place entirely electronically. The use of paper to document transactions or to evidence money itself will undoubtedly continue for a long time, especially in a global context, but in advanced economies it seems clear that the efficiency and speed of technology are simply too compelling and that transactions such as opening banking accounts and obtaining loans will take place entirely electronically, without any need for the physical appearance of the customer. Equally important, there are significant cost savings to be achieved through the elimination of paper records and the storage of documents in electronic form rather than in office files and warehouses. The question is how quickly these changes will occur.

Notwithstanding the recent passage of the federal Electronic Signatures Act in the United States and numerous industry efforts to move toward the use of electronic signatures and electronic documents, many practical barriers and hard-to-qualify risks still exist. The problem of authentication of the identity of parties to electronic transactions remains a challenge, although there are many initiatives underway to address this issue. Public records offices where documents may need to be recorded to achieve the desired legal effect must have the technology and systems necessary to accept electronic documents. Here, near Washington, D.C., officials in neighboring Fairfax County, Virginia, have been in the forefront of local public agency involvement in determining how to handle electronic document recording. Because of our significant involvement in consumer real estate lending and other activities where the elimination of paper documents offers considerable cost-saving potential, Wells Fargo is very interested in the outcome of initiatives in this area.

Elimination of paper documentation and traditional identity verification processes clearly entails risks that supervisory agencies will need to consider. Improper management of electronic documentation and authentication processes can create significant operational and compliance risk resulting from fraud and the inability to prove the terms of a financial transaction. Organizations must have appropriate processes to back up electronic records of transactions. In the past few years, U.S. regulators have issued useful guidance regarding matters such as electronic authentication and the use of digital signatures that we at Wells Fargo have used as the basis for our own internal policies and procedures in this area. We believe there is significant potential for cost savings and customer benefits through more rapid processing of banking transactions and, potentially, the ability to undertake complex transactions from the convenience of a home or business computer. Lawyers in my area have a major role to play in helping our businesses to understand the risks of moving completely to an electronic documentation and recordkeeping environment.

These are truly exciting times for banking lawyers, especially those of us involved with bringing traditional banking practices into the digital age. The pace of change has been dizzying, and it is still accelerating. The role of lawyers is increasingly that of risk managers and not technicians or scriveners, and we have to be able to adapt our own styles of practice and methods of analysis to these rapid changes.

    Other Resources Citing This Publication