Current through Register Vol. 49, No. 18, September 16, 2024
PURPOSE: This regulation establishes the criteria for
the operation of any electronic fund transfer system by an
association.
(1) Definitions.
As used in this chapter-
(A) Electronic fund
transfer system means any system using electronic transmissions of data or
information and providing for access to or ability to credit or debit any
account of a member of an association from a place other than an office or
agency of the association;
(B)
Personal security identifier (PSI) means any word, number or other security
identifier essential for an accountholder to gain access to an
account;
(C) Remote service unit
(RSU) means an information processing device, including associated equipment,
structures and systems, by which information relating to financial services
rendered to the public is stored and transmitted, instantaneously or otherwise,
to a financial institution. Any such device not on the premises of an
association that, for activation and account access, requires use of a
machine-readable instrument and PSI in the possession and control of an
accountholder, is an RSU. The term includes, without limitation, point-of-sale
terminals, merchant operated terminals, cash-dispensing machines and automated
teller machines. It excludes automated teller machines on the premises of an
association, unless shared with other financial institutions. An RSU is not a
branch, satellite, or other type of facility or agency of an association under
Chapter 16 of these regulations;
(D) Generic data means statistical
information which does not identify any individual accountholder;
(E) RSU account means a savings or loan
account or demand account that may be accessed through use of an RSU;
(F) Service corporation means such an entity
as defined by and operated in accordance with the provisions of Chapter 23 of
these regulations; and
(G) Foreign
association means any federally-chartered or state-chartered association with
its principal office located outside Missouri.
(2) Remote Service Units.
(A) An association may establish or use RSUs
and participate with others in RSU operations on an unrestricted geographic
basis subject to the requirements of the Electronic Fund Transfer Act (
15 U.S.C.
1693) and Regulation E of the Federal
Reserve Board (
12
CFR 205.2) and this regulation.
(B) No RSU may be used to open a savings
account, a demand account or establish a loan account.
(C) Remote Service Units-Access Techniques.
An association shall provide a PSI to each accountholder and require its use
when accessing an RSU. It may not employ RSU access techniques that require the
accountholder to disclose a PSI to another person or entity. The association
must inform each accountholder that the PSI is for security purposes and shall
not be disclosed to third parties. Any device used to activate an RSU shall
bear the words ''Not Transferrable'' or their equivalent. A passbook may not be
such a device.
(D) Privacy of
Account Data. An association shall allow accountholders to obtain any
information concerning their RSU accounts. Except for generic data or data
necessary to identify a transaction, no association may disclose account data
to third parties, other than the appropriate federal regulatory agency and the
director, unless express written consent of the accountholder is given, or
applicable law requires. Information disclosed to the appropriate federal
regulatory agency or the director will be kept in a manner to ensure compliance
with the Privacy Act,
5
U.S.C. 552 a. An association may operate an
RSU according to an agreement with a third party or share computer systems,
communications facilities or services of another financial institution only if
such third party or institution agrees to abide by this subsection as to
information concerning RSU accounts in the association.
(3) Security. An association shall protect
electronic data against fraudulent alterations or disclosure. Every RSU shall
meet the minimum security devices requirements of applicable federal
regulations as though such were offices, as defined in applicable federal
regulations, except to the extent that an association satisfies the director
and the appropriate federal regulatory agency that those requirements are
inappropriate. In such a case, alternative measures satisfactory to the
director and the appropriate federal regulatory agency must be taken for
installation, maintenance, and operation of security devices and procedures,
reasonable in cost, to discourage robberies, burglaries, larcenies and computer
theft and to assist in the identification and apprehension of persons who
commit such acts.
(4) Supervision.
An association may share an RSU controlled by an institution or another party
not subject to examination by a state or federal regulatory agency only if such
institution or other party has agreed in writing that the RSU is subject to
such examination by the director as is deemed necessary.
(5) Home Banking Services. An association may
utilize any electronic technology to provide its customers with home banking
services. Any such services provided under this section are subject to the
Electronic Fund Transfer Act (
15 U.S.C.
1693) and Regulation E of the Federal
Reserve Board ( 12 CFR 205) (as construed by Supplement II-Official Staff
Interpretation, 2-23). Home banking services means the transfer of funds or
financial information or the performance of other transactions initiated by a
customer by means of an electronic home terminal, such as a telephone, a home
computer terminal or a television set that is linked to an association's
computer by telephone or cable television lines. An association providing
services authorized by this section shall adopt security measures adequate to
prevent unauthorized access to its records or those of its customers or the use
of a home terminal to defraud the association or any of its
customers.
(6) Out-of-State
Operation of Remote Service Units. An association chartered by the state of
Missouri may operate a remote service unit on an unrestricted geographic basis
under the following conditions:
(A) Prior to
operating a remote service unit in another state, an association must submit
written evidence to the director that the association has obtained the approval
of the savings and loan regulatory agency of the state in which the remote
service unit will be located; and
(B) A remote service unit operated by an
association chartered by the state of Missouri and located in another state
shall not be considered to be a branch office or agency of the association. Any
financial transaction effected by use of a remote service unit in another state
shall be deemed to be transacted at the association to which the information is
transmitted for entry into a customer's account.
Copies of all referenced federal regulations are available
to any interested party at the Division of Finance, Room 630, 301 West High
Street, Jefferson City, Missouri or the Office of the Secretary of State at a
cost established by state law.
*Original authority: 369.129, RSMo 1971, amended 1982,
1994; 369.299, RSMo 1971, amended 1994; and 369.334, RSMo 1971, amended 1983,
1994.
