This report discusses bank regulators' evaluation of electronic signature systems. Financial institutions use electronic signature systems to verify or authenticate the identity of customers conducting financial and nonfinancial transactions over the Internet and other open electronic networks. Officials at the Office of the Comptroller of the Currency (OCC) and the Federal Reserve told the GAO that they are developing an examination strategy for Identrus LLC, which is an entity that provides services to financial institutions to authenticate electronic signatures. OCC officials have not determined what role they will play in assessing Identrus' operations, but they believe that financial institutions should take an active role in assessing the risks associated with electronic signatures.
The GAO recommended that banking regulators develop a consistent methodology for assessing the risks and appropriateness of internal controls surrounding such systems. The Chairman, Board of Governors of the Federal Reserve System, and the Comptroller of the Currency, should work through the Federal Financial Institutions Examination Council to develop guidance that includes criteria for evaluating electronic signature systems in order to provide reasonable assurance that electronic signatures generated by the system are valid.