The Division is providing this guidance to assist bank management with defining remote work conditions and corresponding security protocols. South Dakota bank staff may conduct banking activities provided the remote work location is physically located in South Dakota and adequate security protocols are implemented. With respect to remote work in other states, it is permitted to the extent it follows this guidance and allowed by the host state regulatory authority. Banks that allow remote work by their employees must draft and implement comprehensive policies and procedures to ensure remote work is conducted in a secure and professional manner. A comprehensive remote work program should implement, at minimum, the following requirements and limitations:
1. Ensure in-person interactions with customers and consumers are not conducted at the
remote work location and the remote location is not represented as a business location,
branch, or Loan Production Office (LPO);
2. Maintain secure virtual private networks or similar system and other appropriate
safeguards for customer data, information, and records;
3. Ensure employees have secure internet connections and all security updates and patches
are up to date on all remote devices;
4. Employ appropriate risk-based monitoring and oversight processes of work performed
from a remote location and maintain records of the oversight process;
5. Ensure customer information and bank records are not maintained at the remote location;
6. Ensure customer information and bank records remain accessible and available for
regulatory oversight and examination;
7. Provide appropriate employee training to keep all conversations about and with
customers conducted from the remote location confidential, as if conducted from a bank
branch or LPO, and to ensure remote employees work in an environment that maintains
confidentiality.