The Children’s Online Privacy Protection Act (COPPA) sets requirements for websites, online information gathering, the permissions required from parents, and recourse parents have. In addition, the bank should have in place strong security/cybersecurity protections for any website that is used by children – e.g., restricting who can see it, user names, who can interact with children – e.g., no comments in order to limit the risk of predators.
In addition to COPPA, information security, and other regulations (e.g., advertising requirements for deposit accounts), security and technology and consumer complaints should be followed, as applicable. The FDIC has under its consumer news section additional information that the bank may consider providing that helps parents understand the risks of permitting children on the internet, as well as the smart way to allow children on websites. Before implementing a page for children, determine whether the page is for informational purposes only or includes banking activities. A risk assessment should be performed and the appropriate policies and procedures implemented. See other Q&A on social media policies for additional information.
Reference: The Children's Online Privacy Protection Act of 1998 (COPPA): 15 U.S.C. §§ 6501–6506. See also: https://www.fdic.gov/consumers/consumer/news/cnwin16/protect_children.html#parents; FFIEC: Consumer Compliance Risk Management Guidance on Social Media, 2013; Gramm Leach Bliley, Privacy Act: Regulation P: 1016.