|INTERNET SECURITY New resource helps banks comply with FFIEC supplement|
Banks struggling with implementation of the Federal Financial Institutions Examination Council (FFIEC) Supplement to Authentication in an Internet Banking Environment can now consult a detailed resource developed by NACHA—The Electronic Payments Association.
The resource, Sound Business Practices for Implementing Provisions of the Supplement, helps banks create internal policies and procedures in response to the supplement’s guidance—requiring financial institutions to complete periodic risk assessments, establish layered security controls, and educate customers on various forms of potential fraud. It also provides a side-by-side representation of key supplement points, parties affected by each point, any applicable requirement per NACHA Operating Rules, and ‘sound business practices’ to adhere to the points outlined in the supplement.
“A year after issuance of the FFIEC Supplement, many financial institutions are still looking for greater clarity around elements of the guidance and, as a result, are still working to fully implement the requirements,” says Tina Giorgio, senior vice-president, Sandy Spring Bank and member of NACHA’s Risk Management Advisory Group. “Clear understanding is critical to improving online banking security per the requirements outlined in the Supplement.”
In 2005, the FFIEC issued the original Authentication in an Internet Banking Environment Guidance. The 2005 Guidance provided a risk-management framework for financial institutions offering Internet-based products and services to their customers. In 2011, the FFIEC issued a Supplement to the 2005 Guidance. The purpose of the supplement is to reinforce the risk-management framework described in the original guidance and update the FFIEC member agencies’ supervisory expectations regarding customer authentication, layered security, and other controls in the online environment.
[This article was posted on July 23, 2012, on the website of ABA Banking Journal, www.ababj.com.]
| TechTopics Plus