Skip to main content

Risk Assessments & Documentation Keys to FFIEC Guidance

With the compliance date for the FFIEC’s Internet Banking Authentication right around the corner, several credit unions have expressed their concerns as to the compliance impact their credit union will face if the guidelines for authentication are not fully implemented by January, 2012.
The core principles of the FFIEC guidance include ongoing risk assessments and strategies, layered security controls, and improved customer awareness of online banking risks. The Supplement stresses that the risk assessment(s) involved in the institution’s efforts to comply with the guidelines is not a one-time project. Instead, it’s ongoing:
“Financial institutions should review and update their existing risk assessments as new information becomes available, prior to implementing new electronic financial services, or at least every twelve months.”
The risk assessment(s) aids in determining which online transactions are higher risk than others. And although the guidance applies to all internet banking, it recognizes the fact that financial institutions will have more robust controls as the risk level of the transaction increases. The guidance uses consumer and business banking as an example. Although both would require security controls, the Guidance recognizes that the risk level differs:
“Since the frequency and dollar amounts of these [consumer] transactions are generally lower than commercial transactions, they pose a comparatively lower level of risk. Financial institutions should implement layered security, as described herein, consistent with the risk for covered consumer transactions."
The Guidance goes on to state:
“Since the frequency and dollar amounts of these [business] transactions are generally higher than consumer transactions, they pose a comparatively increased level of risk to the institution and its customer. Financial institutions should implement layered security, as described herein, utilizing controls consistent with the increased level of risk for covered business transactions. Additionally, the Agencies recommend that institutions offer multifactor authentication to their business customers.”
NCUA Letter to Credit Unions 11-CU-09 states:
“Federally insured credit unions will be expected to adapt appropriate strategies from the supplement to strengthen and enhance controls by January 2012. Beginning in 2012, at credit unions offering electronic services, NCUA examiners will evaluate these controls under the enhanced expectations outlined in the supplement.”
Documentation is Key. As credit unions strive towards following the updated guidance, they should be sure to document their progress to show examiners. Highlight the steps the credit union has taken to implement additional security controls as indicated by the risk assessment. Show examiners your plan for continued risk assessments and new controls. If your vendors will be slowly rolling out security enhancements in 2012, document your communications with these vendors so that examiners know you are working on mitigating these risks.
Risk Assessments & Documentation Keys to FFIEC Guidance:
By JiJi Bahhur, Regulatory Compliance Counsel NAFCU
For additional information on the FFIEC Authentication Guidance, check out our June 29th blog post.

Comments

Post a Comment

Please no profanity or political comments.

Popular posts from this blog

Mortgage Rates See Biggest Decline in a Year; Applications Rise

WASHINGTON–Mortgage rates saw the biggest one-week drop in over a year last week, causing the first increase in mortgage demand in a month, according to new data. Total mortgage application volume rose 2.5% last week, compared with the previous week, according to the Mortgage Bankers Association's seasonally adjusted index. The average contract interest rate for 30-year fixed-rate mortgages with conforming loan balances ($726,200 or less) decreased to 7.61% from 7.86%, with points falling to 0.69 from 0.73 (including the origination fee) for loans with a 20% down payment. The Rate Driver "Last week's decrease in rates was driven by the U.S. Treasury's issuance update, the Fed striking a dovish tone in the November FOMC statemen
Post a Comment
Read Complete Article HERE>»

Growing Delinquencies, Especially in Auto Loans, Can be Seen in New CUNA Report

MADISON, Wis.–Ongoing increases in delinquencies, especially in automobile loans, can be seen in the new CUNA Economic Update . According to CUNA Chief Economist Mike Schenk, the report shows: Mortgage delinquencies. With data obtained by Equifax, CUNA economists said they have found “slight upward movements” in mortgage delinquency rates.   Credit card delinquencies. Bigger increases in delinquency rates relative to the cyclical low – as seen during the COVID-19 pandemic – is concerning, said Schenk.   Auto loan delinquencies: Data shows a “dramatic” increase in delinquency rates among institutions such as auto financing companies.  CUNA Forecast   CUNA’s economists are forecasting delinquency rates will peak at 1% by the end of 2024.
Post a Comment
Read Complete Article HERE>»

Speakers & Sessions For NCOFCU 24 San Antonio TX.

National Council of Firefighter Credit Unions Inc (NCOFCU)  Speakers and Schedule! It is the National Council of Firefighter Credit Unions (NCOFCU) "GO TO Conference" for credit unions serving first responders! Who should attend? CEO's, VP's Directors and Staff See What's Planned Register Here! Bring your spouse, bring a guest to enjoy San Antonio, TX River Walk 4 Days Golf 16 + Sessions Alamo Reception Closing Dinner Right on the San Antonio River Walk Several Networking events Open Forums Idea Exchange Events Panel Discussions of CU Leaders National & Industry Speakers Trends in First-Responder Credit Unions Director & Volunteer Sessions Exhibitors ShowcaseAnd  So Much More! HOTEL REGISTER HERE
Post a Comment
Read Complete Article HERE>»