Revised guidance on effective authentication and access risk management principles and practices related to digital banking services and information systems was issued this week by state and federal financial institution regulators through the Federal Financial Institutions Examination Council (FFIEC).
The guidance, issued by the regulators as FFIEC members (including the State Liaison Committee (SLC)), replaces direction issued in 2005 and 2011 on Internet-based services, focusing not only on customer access but also access by employees and third parties, according to the FFIEC.
“This Guidance acknowledges significant risks associated with the cybersecurity threat landscape that reinforce the need for financial institutions to effectively authenticate users and customers to protect information systems, accounts, and data,” the guidance states in its introduction. “The Guidance also recognizes that authentication considerations have extended beyond customers and include employees, third parties, and system-to-system communications.”
The exam council said the revised guidance:
LINK: FFIEC Issues Guidance on Authentication and Access to Financial Institution Services and Systems