Skip to main content

Risk Assessments & Documentation Keys to FFIEC Guidance

With the compliance date for the FFIEC’s Internet Banking Authentication right around the corner, several credit unions have expressed their concerns as to the compliance impact their credit union will face if the guidelines for authentication are not fully implemented by January, 2012.
The core principles of the FFIEC guidance include ongoing risk assessments and strategies, layered security controls, and improved customer awareness of online banking risks. The Supplement stresses that the risk assessment(s) involved in the institution’s efforts to comply with the guidelines is not a one-time project. Instead, it’s ongoing:
“Financial institutions should review and update their existing risk assessments as new information becomes available, prior to implementing new electronic financial services, or at least every twelve months.”
The risk assessment(s) aids in determining which online transactions are higher risk than others. And although the guidance applies to all internet banking, it recognizes the fact that financial institutions will have more robust controls as the risk level of the transaction increases. The guidance uses consumer and business banking as an example. Although both would require security controls, the Guidance recognizes that the risk level differs:
“Since the frequency and dollar amounts of these [consumer] transactions are generally lower than commercial transactions, they pose a comparatively lower level of risk. Financial institutions should implement layered security, as described herein, consistent with the risk for covered consumer transactions."
The Guidance goes on to state:
“Since the frequency and dollar amounts of these [business] transactions are generally higher than consumer transactions, they pose a comparatively increased level of risk to the institution and its customer. Financial institutions should implement layered security, as described herein, utilizing controls consistent with the increased level of risk for covered business transactions. Additionally, the Agencies recommend that institutions offer multifactor authentication to their business customers.”
NCUA Letter to Credit Unions 11-CU-09 states:
“Federally insured credit unions will be expected to adapt appropriate strategies from the supplement to strengthen and enhance controls by January 2012. Beginning in 2012, at credit unions offering electronic services, NCUA examiners will evaluate these controls under the enhanced expectations outlined in the supplement.”
Documentation is Key. As credit unions strive towards following the updated guidance, they should be sure to document their progress to show examiners. Highlight the steps the credit union has taken to implement additional security controls as indicated by the risk assessment. Show examiners your plan for continued risk assessments and new controls. If your vendors will be slowly rolling out security enhancements in 2012, document your communications with these vendors so that examiners know you are working on mitigating these risks.
Risk Assessments & Documentation Keys to FFIEC Guidance:
By JiJi Bahhur, Regulatory Compliance Counsel NAFCU
For additional information on the FFIEC Authentication Guidance, check out our June 29th blog post.

Comments

Post a Comment

Please no profanity or political comments.

Popular posts from this blog

Let the Truth be Told - Why a New NCUA Rule Could Jolt Credit Union Innovation

The National Credit Union Administration has finalized a rule to improve board and executive succession planning within the credit union industry. This strategic move aims to curb the trend of mergers driven by technological stagnation and poor succession strategies, ensuring more credit unions maintain their independence and enhance their technological capabilities. By Ken McCarthy, Manager of marketing communications at Tyfone Credit unions are merging out of existence because of an inability to invest in technology, the National Credit Union Administration Board wrote when introducing its now finalized rule on board succession planning. The regulator now requires credit unions to establish succession planning for critical positions in their organizations. But it’s likely to have even wider effects, such as preserving more independent charters and shaking up the perspectives of those on credit union boards. “Voluntary mergers can be used to create economies of scale to offer more or ...
Post a Comment
Read Complete Article HERE>»

Speakers & Sessions For NCOFCU 24 San Antonio TX.

National Council of Firefighter Credit Unions Inc (NCOFCU)  Speakers and Schedule! It is the National Council of Firefighter Credit Unions (NCOFCU) "GO TO Conference" for credit unions serving first responders! Who should attend? CEO's, VP's Directors and Staff See What's Planned Register Here! Bring your spouse, bring a guest to enjoy San Antonio, TX River Walk 4 Days Golf 16 + Sessions Alamo Reception Closing Dinner Right on the San Antonio River Walk Several Networking events Open Forums Idea Exchange Events Panel Discussions of CU Leaders National & Industry Speakers Trends in First-Responder Credit Unions Director & Volunteer Sessions Exhibitors ShowcaseAnd  So Much More! HOTEL REGISTER HERE
Post a Comment
Read Complete Article HERE>»

Armand Parvazi MBA CUDE - Last Friday marked his last day with New Orleans Firemen’s Federal Credit Union.

It’s been an incredible journey, but it’s bittersweet to announce that Friday marked my last day with New Orleans Firemen’s Federal Credit Union. We've accomplished so much together in my six years as Chief Administrative and Development Officer. Some of the highlights: Implemented a data-driven marketing strategy that delivers over 1,800% annual ROI. Developed automated triggers to ensure members receive the right offers at the right time. Grew assets by 61% and increased products per new member from 1.88 to 2.62. Converted online banking to enhance the member experience. Introduced a loan origination system for faster and more efficient loan processing. Transitioned to a mobile-first financial institution to meet members where they are. Pioneered the first Cancer Care loan pause program in the nation (in collaboration with Andy Janning ) Secured nearly $17 million in grants for our impactful work. Expanded our field of membership to 35 parishes and counties and added numerous fi...
Post a Comment
Read Complete Article HERE>»