Are we required to post any kind of statement to the public or our customers as to our readiness for the COVID-19? If so, can you direct me to the kinds of things we need to say? We are working on an ad to educate our customers on how to use our online products if they are concerned about coming out in public to the branch. Thanks!
I wouldn’t call it a requirement to post a statement, but it’s definitely a best practice. I could easily see the examiners being just fine with your generic Pandemic planning, but next time they come in asking “what specific steps did you take in reaction to the recent COVID-19 event?”
Lots of generic best practices out there (CDC, etc.), and of course your response would depend on your capabilities (encouraging e-banking vs. face-to-face transactions, and e-signatures for physical signatures on loan documents, for example), but here are some FI-specific resources:
- The ABA has some good stuff here: https://www.aba.com/banking-topics/risk-management/incident-response/coronavirus (you need to be a member to access some of the areas).
- The ICBA site might be very helpful too: https://www.icba.org/news/Crisis-Preparedness
- American Banker also has some good ideas for communicating with customers: https://www.americanbanker.com/news/how-banks-are-helping-customers-withstand-coronavirus-shock
- The Federal Reserve has some good information here: https://www.federalreserve.gov/newsevents/pressreleases/bcreg20200309a.htm
- The FDIC also has a page dedicated to COVID-19: https://www.fdic.gov/coronavirus/index.html
- The FFIEC has updated their guidance identifying actions to minimize the adverse effects of a pandemic: https://www.ffiec.gov/press/pr030620.htm
- The NCUA has issued their FAQ and resources: https://www.ncua.gov/coronavirus
In addition to providing hand sanitizers and wipes in the branches, we’ve also heard of some folks making a point of wiping down their FI-owned ATM keypads (and/or offering wipes to customers for that purpose).
Here are some additional tips we’ve gathered from other financial institutions that may also be useful for you to consider (in no particular order):
- Plan to restock FI-owned ATMs more frequently, and/or consider temporarily increasing daily withdrawal limits. Keep in mind that if reloading services are outsourced the vendor may be overwhelmed. Also check if your blanket bond insurance coverage needs to be adjusted for the higher limits.
- Tracking (via log) what employees are entering your buildings each day to create a “contact tracking map” in case someone is diagnosed as a confirmed case.
- Check HR policies (and communicate same) regarding employees needing to take extended sick leave or requiring additional time off to care for family members. Do you have a “flex-hours” policy for job duties that can be performed off-hours?
- Is your succession plan at least three resources deep for most functions and possibly four resources deep for highly critical and specialized functions?
- Depending on your primary demographic, consider creating special hours at certain locations specifically for more vulnerable elderly customers.
- If you don’t already offer these services, have you considered consumer capture, “Smart” ATMs and other alternatives to face-to-face transactional services?
- Define banking services that can be completed through drive-thru, and those that require in person interaction (and an appointment). (I.e. Large Cash or Coin Transactions may need to be in-person for security or drive-thru equipment limitations)
- Consider moving to an “appointment-only” approach for in-person banking services.
- Consider evaluating your check cashing limits through the drive-thru or requiring additional identify verification.
- Additional training on remote access hygiene. Does your Information Security Program require these users to sign a remote access agreement?
- Remind all employees (especially those telecommuting) to continue to be vigilant to the potential uptick in cyber-attacks (phishing, vishing, etc.) and fraud attempts.
- Law360 shares good information regarding cyber hygiene when telecommuting: https://www.law360.com/articles/1250758/as-covid-19-increases-remote-work-cyberhygiene-is-a-must
We have posted on this already and will likely be offering some additional best practices for bankers at both complianceguru.com and safesystems.com.
Hope all this helps. Stay tuned, and stay healthy out there!!