NACHA Offers Help on FFIEC Compliance
NACHA, the electronics payments association, has launched a resource to support financial institutions in complying with online authentication guidance from the US Federal Financial Institutions Examination Council (FFIEC) in its ‘Supplement to Authentication in an Internet Banking Environment’.
The guidance identifies sound business practices that financial institutions could use to create internal policies and procedures in response, including the completion of periodic risk assessments, establishing layered security controls and educating customers on various forms of potential fraud.
The FFIEC’s supplement was issued last June as an update to its original 2005 publication ‘Authentication in an Internet Banking Environment Guidance’, which provided a risk management framework for financial institutions offering internet-based products and services. The supplement aimed to reinforce the risk management framework described in the original guidance and update the FFIEC member agencies’ supervisory expectations for customer authentication, layered security, and other controls in the online environment.
“A year after issuance of the FFIEC supplement, many financial institutions are still looking for greater clarity around elements of the guidance and, as a result, are still working to fully implement the requirements,” said Tina Giorgio, senior vice president (SVP), Sandy Spring Bank, and a member of NACHA’s risk management advisory group. “Clear understanding is critical to improving online banking security per the requirements outlined in the supplement.”
NACHA’s ‘Sound Business Practices for Implementing Provisions of the Supplement’ provides financial institutions with a clear framework to implement the provisions of the FFIEC Supplement. It includes a side-by-side representation of its key points and the parties affected, any applicable requirement per the NACHA operating rules, and sound business practices to adhere to the points outlined in the supplement.