Compliance Management

FFIEC answers questions before end-of-year deadline

The Federal Financial Institutions Examination Council (FFIEC) has issued a "frequently asked questions" (FAQ) document as the end-of-year deadline approaches for financial institutions to implement measures toward stronger customer authentication.

The seven-page document, released last week, offers answers to real questions the FFIEC received regarding the guidelines it issued last October. The guidance addressed security measures that financial institutions, such as banks, should implement to reliably authenticate customers accessing online financial services.

The guidelines are not considered regulations in that they allow financial organizations to decide how they want to place more levels of authentication on existing systems. However, the guidelines state that the FFIEC - a five-member body responsible for spelling out standards and principles in the banking field - expects institutions to complete risk assessment and implement risk mitigation features by the end of the year.

The Federal Reserve Board sent letters to organizations it oversees that must adhere to the new rules, alerting them about the FAQs, said Deborah Lagomarsino, spokeswoman for the board, one of the council's five members.

"It's basically to help them in terms of implementing this guidance," she said of the FAQs.

Among the topics covered by the FAQs include scope, timing, definitions, risk assessment, customers and technology service providers.

"Institutions should review these FAQs in conjunction with the guidance as they assess risks in their internet-based products and services and determine appropriate authentication solutions for permitting access to systems that process high-risk transactions…," according to an FFIEC statement.

Click here to email reporter Dan Kaplan.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.