Wednesday, June 29, 2011

New FFIEC Guidance will help to reduce the increasing security threats?

Final FFIEC Authentication Guidance Issued

Federal Financial Institutions Examination Council has formally released the long-awaited supplement to its "Authentication in an Internet Banking Environment" guidance, which was first issued by the FFIEC in October 2005.

Formal assessments for compliance with the
new guidance will begin in January 2012.

The purpose of the supplement is to reinforce the risk-management framework described in the original guidance and update the FFIEC member agencies' supervisory expectations regarding customer authentication, layered security, and other controls in the increasingly hostile online environment.

The official supplement highlights the need for:
  • Better risk assessments;
  • Effective strategies for mitigating known online risks;
  • Improved customer and employee fraud awareness.
In a news release about the official update, the FFIEC says growing sophistication of online threats have increased risks for financial institutions and their customers. "Customers and financial institutions have experienced substantial losses from online account takeovers," the FFIEC states. "Effective security is essential for financial institutions to safeguard customer information, reduce fraud stemming from the theft of sensitive customer information, and promote the legal enforceability of financial institutions' electronic agreements and transactions."

The FFIEC says it will continue to work closely with financial institutions to promote security in electronic banking. Examiners have been directed to formally assess financial institutions under the enhanced expectations outlined in the supplement beginning in January 2012.

The FFIEC is made up of the following regulatory agencies:
the Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corp., Office of the Comptroller of the Currency, National Credit Union Administration and Office of Thrift Supervision.

Please refer here to read the changes in the new FFIEC guidance.

No comments: