20 CSR 1140-25.010 - Electronic Fund Transfer Systems

Current through Register Vol. 46, No. 24, December 15, 2021

PURPOSE: This regulation establishes the criteria for the operation of any electronic fund transfer system by an association.

(1) Definitions. As used in this chapter-
(A) Electronic fund transfer system means any system using electronic transmissions of data or information and providing for access to or ability to credit or debit any account of a member of an association from a place other than an office or agency of the association;
(B) Personal security identifier (PSI) means any word, number or other security identifier essential for an accountholder to gain access to an account;
(C) Remote service unit (RSU) means an information processing device, including associated equipment, structures and systems, by which information relating to financial services rendered to the public is stored and transmitted, instantaneously or otherwise, to a financial institution. Any such device not on the premises of an association that, for activation and account access, requires use of a machine-readable instrument and PSI in the possession and control of an accountholder, is an RSU. The term includes, without limitation, point-of-sale terminals, merchant operated terminals, cash-dispensing machines and automated teller machines. It excludes automated teller machines on the premises of an association, unless shared with other financial institutions. An RSU is not a branch, satellite, or other type of facility or agency of an association under Chapter 16 of these regulations;
(D) Generic data means statistical information which does not identify any individual accountholder;
(E) RSU account means a savings or loan account or demand account that may be accessed through use of an RSU;
(F) Service corporation means such an entity as defined by and operated in accordance with the provisions of Chapter 23 of these regulations; and
(G) Foreign association means any federally-chartered or state-chartered association with its principal office located outside Missouri.
(2) Remote Service Units.
(A) An association may establish or use RSUs and participate with others in RSU operations on an unrestricted geographic basis subject to the requirements of the Electronic Fund Transfer Act ( 15 U.S.C. 1693 ) and Regulation E of the Federal Reserve Board ( 12 CFR 205.2 ) and this regulation.
(B) No RSU may be used to open a savings account, a demand account or establish a loan account.
(C) Remote Service Units-Access Techniques. An association shall provide a PSI to each accountholder and require its use when accessing an RSU. It may not employ RSU access techniques that require the accountholder to disclose a PSI to another person or entity. The association must inform each accountholder that the PSI is for security purposes and shall not be disclosed to third parties. Any device used to activate an RSU shall bear the words ''Not Transferrable'' or their equivalent. A passbook may not be such a device.
(D) Privacy of Account Data. An association shall allow accountholders to obtain any information concerning their RSU accounts. Except for generic data or data necessary to identify a transaction, no association may disclose account data to third parties, other than the appropriate federal regulatory agency and the director, unless express written consent of the accountholder is given, or applicable law requires. Information disclosed to the appropriate federal regulatory agency or the director will be kept in a manner to ensure compliance with the Privacy Act, 5 U.S.C. 552 a. An association may operate an RSU according to an agreement with a third party or share computer systems, communications facilities or services of another financial institution only if such third party or institution agrees to abide by this subsection as to information concerning RSU accounts in the association.
(3) Security. An association shall protect electronic data against fraudulent alterations or disclosure. Every RSU shall meet the minimum security devices requirements of applicable federal regulations as though such were offices, as defined in applicable federal regulations, except to the extent that an association satisfies the director and the appropriate federal regulatory agency that those requirements are inappropriate. In such a case, alternative measures satisfactory to the director and the appropriate federal regulatory agency must be taken for installation, maintenance, and operation of security devices and procedures, reasonable in cost, to discourage robberies, burglaries, larcenies and computer theft and to assist in the identification and apprehension of persons who commit such acts.
(4) Supervision. An association may share an RSU controlled by an institution or another party not subject to examination by a state or federal regulatory agency only if such institution or other party has agreed in writing that the RSU is subject to such examination by the director as is deemed necessary.
(5) Home Banking Services. An association may utilize any electronic technology to provide its customers with home banking services. Any such services provided under this section are subject to the Electronic Fund Transfer Act ( 15 U.S.C. 1693 ) and Regulation E of the Federal Reserve Board ( 12 CFR 205 ) (as construed by Supplement II-Official Staff Interpretation, 2-23). Home banking services means the transfer of funds or financial information or the performance of other transactions initiated by a customer by means of an electronic home terminal, such as a telephone, a home computer terminal or a television set that is linked to an association's computer by telephone or cable television lines. An association providing services authorized by this section shall adopt security measures adequate to prevent unauthorized access to its records or those of its customers or the use of a home terminal to defraud the association or any of its customers.
(6) Out-of-State Operation of Remote Service Units. An association chartered by the state of Missouri may operate a remote service unit on an unrestricted geographic basis under the following conditions:
(A) Prior to operating a remote service unit in another state, an association must submit written evidence to the director that the association has obtained the approval of the savings and loan regulatory agency of the state in which the remote service unit will be located; and
(B) A remote service unit operated by an association chartered by the state of Missouri and located in another state shall not be considered to be a branch office or agency of the association. Any financial transaction effected by use of a remote service unit in another state shall be deemed to be transacted at the association to which the information is transmitted for entry into a customer's account.

Notes

20 CSR 1140-25.010
AUTHORITY: sections 369.129, 369.299, 369.329 and 369.334, RSMo 1994.* This rule originally filed as 4 CSR 260-13.010. This rule previously filed as 4 CSR 140-25.010. Original rule filed July 14, 1978, effective Nov. 13, 1978. Amended: Filed Oct. 13, 1981, effective Jan. 14, 1982. Rescinded and readopted: Filed Nov. 4, 1986, effective Jan. 30, 1987. Changed to 4 CSR 140-25.010, effective July 6, 1994. Amended: Filed Nov. 8, 1994, effective March 30, 1995. Moved to 20 CSR 1140-25.010, effective Aug. 28, 2006.

Copies of all referenced federal regulations are available to any interested party at the Division of Finance, Room 630, 301 West High Street, Jefferson City, Missouri or the Office of the Secretary of State at a cost established by state law.

*Original authority: 369.129, RSMo 1971, amended 1982, 1994; 369.299, RSMo 1971, amended 1994; and 369.334, RSMo 1971, amended 1983, 1994.

The following state regulations pages link to this page.



State regulations are updated quarterly; we currently have two versions available. Below is a comparison between our most recent version and the prior quarterly release. More comparison features will be added as we have more versions to compare.