Over the past several years, employers have worked to provide flexible work environments in response to the COVID-19 pandemic. Employees have taken advantage of these opportunities and are likely to continue to request flexible work environments in the future, including the option to work remotely. Offering remote work opportunities can be beneficial to banks. In a tight labor market, offering remote work options may help banks recruit and retain talent. However, as Tiffany Miller recently noted in The Bottom Line, a publication of The Independent Community Bankers of South Dakota, allowing employees to work remotely can also create business and legal risks for banks. Before banks authorize employees to work remotely, Miller recommends taking into consideration the following:

  1. What activities will the remote employee perform for the bank?

Banks should ensure that an employee’s activities at a remote location do not result in such location being deemed a “branch” or, in the case of South Dakota state banks, a “loan production office.”  Under federal law, a branch is typically defined as a place “at which deposits are received, checks paid, or money lent.” Thus, banks should make sure those activities (receiving deposits, paying checks, or disbursing loan proceeds) do not occur at an employee’s remote location to avoid creating a branch under federal law.  South Dakota state banks face a slightly broader definition of the term “branch,” which is defined under South Dakota law as a “place of business maintained by a bank to conduct its banking business.”  While working remotely, a bank employee would almost certainly be conducting banking business. But, as long as the remote employee’s location is not “maintained” by the bank, there presumably are no branching issues under South Dakota law when employees work remotely.

South Dakota state banks also face a regulatory wrinkle in the case of loan production offices (LPOs), which are required to be approved by the Director of the South Dakota Division of Banking. South Dakota law defines an LPO as a place “where loans are solicited but not approved or disbursed.”  To avoid the risk that a remote employee’s location might be considered an LPO, banks should ensure that: (i) the employee’s location is not open to the public; and (ii) the remote employee does not have in-person interaction with existing or potential loan customers at the remote location. Notably, national banks do not face this LPO issue because federal law does not require prior regulatory approval for a national bank to establish an LPO.

  1. Do South Dakota banks need to worry about the laws of another state when hiring remote employees?

If the remote employee’s workplace is in another state, yes. South Dakota has become a hub for the financial services industry thanks, in part, to its business-friendly laws. For example, South Dakota has no income tax and is an employment-at-will state (i.e., absent a written employment agreement, employment relationships may be terminated without a specific cause). However, if a remote employee’s location is in another state, the laws of that state will apply to the remote employee. Thus, the bank will need to consider whether the laws of the state of the remote employee’s location have tax implications for the bank (i.e., providing a nexus for taxation of bank operations in the state). In addition, the bank will need to determine whether the state imposes other requirements on employers in that state, including, but not limited to, requirements related to employee leave, employee background checks, worker’s compensation, privacy, and a myriad of other employee protections.

  1. Does the bank intend to monitor remote employees’ work productivity?

Under federal law, it is generally illegal for any person to intentionally intercept electronic communications unless the interception is accomplished in the ordinary course of business or with the prior consent of one of the parties to the communication. As a result, if a bank’s employee monitoring system allows the bank to intercept business and personal activity conducted on a remote employee’s computer, such monitoring could require the consent of the employee to be permissible under federal law.

State laws may also apply to limit the bank’s monitoring of remote employees. While South Dakota law generally prohibits intercepting communications via an “eavesdropping device,” this prohibition contains exceptions similar to federal law and does not apply if the interception is conducted in the ordinary course of business or with the consent of the sender or receiver of the communication. Therefore, banks obtaining remote employee consent before implementing monitoring systems should be compliant with federal and South Dakota law. However, banks with remote employees in other states will need to consult the laws of such states to determine whether additional monitoring limitations apply. For example, some states require “2 party consent,” meaning that the banks with remote employees in those states would need to obtain consent from both the remote employee and the individual with whom the employee is communicating in order to record communications.

  1. Has the bank adopted sufficient policies and procedures to address confidentiality of customer information?

Banks are subject to robust federal and state data security requirements designed to ensure the confidentiality of customer information. Remote locations may lack the privacy that is otherwise afforded at bank locations, and banks’ policies and procedures should require remote employees to maintain customer confidentiality, including during verbal conversations or when printing or reviewing written documents, so that sensitive customer information is not overheard or intercepted by others. Unfortunately, banks are also prime targets for phishing and other malware attacks. If an employee can access the bank’s systems and customer information remotely, the bank will need robust data security procedures in place to address such remote access, including, for example, robust password and dual authentication requirements in the event the remote employee loses bank equipment (e.g., computer or phone) or is hacked via an unsecure internet connection.

Establishing remote work options for bank employees requires careful thought and consideration. If your bank has, or is considering hiring, remote employees, the attorneys at Davenport Evans are ready to help you navigate the various issues that arise.

Davenport Evans lawyers are available to answer your questions at 605-336-2880 or [email protected], or you can reach a specific lawyer via the Our Lawyers page on www.dehs.com.