Skip to main content

Risk Assessments & Documentation Keys to FFIEC Guidance

With the compliance date for the FFIEC’s Internet Banking Authentication right around the corner, several credit unions have expressed their concerns as to the compliance impact their credit union will face if the guidelines for authentication are not fully implemented by January, 2012.
The core principles of the FFIEC guidance include ongoing risk assessments and strategies, layered security controls, and improved customer awareness of online banking risks. The Supplement stresses that the risk assessment(s) involved in the institution’s efforts to comply with the guidelines is not a one-time project. Instead, it’s ongoing:
“Financial institutions should review and update their existing risk assessments as new information becomes available, prior to implementing new electronic financial services, or at least every twelve months.”
The risk assessment(s) aids in determining which online transactions are higher risk than others. And although the guidance applies to all internet banking, it recognizes the fact that financial institutions will have more robust controls as the risk level of the transaction increases. The guidance uses consumer and business banking as an example. Although both would require security controls, the Guidance recognizes that the risk level differs:
“Since the frequency and dollar amounts of these [consumer] transactions are generally lower than commercial transactions, they pose a comparatively lower level of risk. Financial institutions should implement layered security, as described herein, consistent with the risk for covered consumer transactions."
The Guidance goes on to state:
“Since the frequency and dollar amounts of these [business] transactions are generally higher than consumer transactions, they pose a comparatively increased level of risk to the institution and its customer. Financial institutions should implement layered security, as described herein, utilizing controls consistent with the increased level of risk for covered business transactions. Additionally, the Agencies recommend that institutions offer multifactor authentication to their business customers.”
NCUA Letter to Credit Unions 11-CU-09 states:
“Federally insured credit unions will be expected to adapt appropriate strategies from the supplement to strengthen and enhance controls by January 2012. Beginning in 2012, at credit unions offering electronic services, NCUA examiners will evaluate these controls under the enhanced expectations outlined in the supplement.”
Documentation is Key. As credit unions strive towards following the updated guidance, they should be sure to document their progress to show examiners. Highlight the steps the credit union has taken to implement additional security controls as indicated by the risk assessment. Show examiners your plan for continued risk assessments and new controls. If your vendors will be slowly rolling out security enhancements in 2012, document your communications with these vendors so that examiners know you are working on mitigating these risks.
Risk Assessments & Documentation Keys to FFIEC Guidance:
By JiJi Bahhur, Regulatory Compliance Counsel NAFCU
For additional information on the FFIEC Authentication Guidance, check out our June 29th blog post.

Comments

Post a Comment

Please no profanity or political comments.

Popular posts from this blog

Let the Truth be Told - Why a New NCUA Rule Could Jolt Credit Union Innovation

The National Credit Union Administration has finalized a rule to improve board and executive succession planning within the credit union industry. This strategic move aims to curb the trend of mergers driven by technological stagnation and poor succession strategies, ensuring more credit unions maintain their independence and enhance their technological capabilities. By Ken McCarthy, Manager of marketing communications at Tyfone Credit unions are merging out of existence because of an inability to invest in technology, the National Credit Union Administration Board wrote when introducing its now finalized rule on board succession planning. The regulator now requires credit unions to establish succession planning for critical positions in their organizations. But it’s likely to have even wider effects, such as preserving more independent charters and shaking up the perspectives of those on credit union boards. “Voluntary mergers can be used to create economies of scale to offer more or ...
Post a Comment
Read Complete Article HERE>»

Armand Parvazi MBA CUDE - Last Friday marked his last day with New Orleans Firemen’s Federal Credit Union.

It’s been an incredible journey, but it’s bittersweet to announce that Friday marked my last day with New Orleans Firemen’s Federal Credit Union. We've accomplished so much together in my six years as Chief Administrative and Development Officer. Some of the highlights: Implemented a data-driven marketing strategy that delivers over 1,800% annual ROI. Developed automated triggers to ensure members receive the right offers at the right time. Grew assets by 61% and increased products per new member from 1.88 to 2.62. Converted online banking to enhance the member experience. Introduced a loan origination system for faster and more efficient loan processing. Transitioned to a mobile-first financial institution to meet members where they are. Pioneered the first Cancer Care loan pause program in the nation (in collaboration with Andy Janning ) Secured nearly $17 million in grants for our impactful work. Expanded our field of membership to 35 parishes and counties and added numerous fi...
Post a Comment
Read Complete Article HERE>»

Biggest Social Security Changes for 2025

  Chris Gash Facebook Twitter LinkedIn Monthly payments are going up, and drop-in service at SSA offices is largely going away The  cost-of-living adjustment  (COLA) may be the most widely anticipated way Social Security changes from year to year, but it’s far from the only one. Inflation, wage trends and new policies directly affect not just the more than 68 million people receiving Social Security benefits but also the estimated 184 million workers (and future beneficiaries) paying into the system.  Here are seven important ways Social Security will be different in 2025. 1. Cost-of-living adjustment Inflation continued to cool this year , resulting in a  2.5 percent COLA  for 2025 for people receiving Social Security payments, down from  3.2 percent in 2024 . The estimated average retirement benefit will increase by $49 a month, from $1,927 to $1,976, starting in January, according to the Social Security Administration (SSA). It’s the lowest COLA i...
Post a Comment
Read Complete Article HERE>»