Exam council broadens focus in authentication, access guidance on digital banking services and systems

August 11, 2021 CFPB, FDIC, NCUA, OCC, The Fed 0

Revised guidance on effective authentication and access risk management principles and practices related to digital banking services and information systems was issued Wednesday by the umbrella Federal Financial Institutions Examination Council (FFIEC).

The guidance replaces that issued in 2005 and 2011 on Internet-based services, focusing not only on customer access but also access by employees and third parties, the council said.

“This Guidance acknowledges significant risks associated with the cybersecurity threat landscape that reinforce the need for financial institutions to effectively authenticate users and customers to protect information systems, accounts, and data,” states the introductory portion of the guidance document. “The Guidance also recognizes that authentication considerations have extended beyond customers and include employees, third parties, and system-to-system communications.”

The council said the guidance:

Highlights the current cybersecurity threat environment including increased remote access by customers and users, and attacks that leverage compromised credentials; and mentions the risks arising from push payment capabilities.
Recognizes the importance of the financial institution’s risk assessment to determine appropriate access and authentication practices to determine the wide range of users accessing financial institution systems and services.
Supports a financial institution’s adoption of layered security and underscores weaknesses in single-factor authentication.
Discusses how multi-factor authentication or controls of equivalent strength can more effectively mitigate risks.
Includes examples of authentication controls, and a list of government and industry resources and references to assist financial institutions with authentication and access management.

The FFIEC guidance was issued on behalf of council members, which include a member of the Federal Reserve Board, the chairman of the Federal Deposit Insurance Corp. (FDIC); the chairman of the National Credit Union Administration (NCUA); the comptroller (currently “acting”) at the Office of the Comptroller of the Currency (OCC); the director (also “acting”) of the Consumer Financial Protection Bureau (CFPB); and the chairman of the State Liaison Committee.

FFIEC Issues Guidance on Authentication and Access to Financial Institution Services and Systems

Guidance document

FDIC: Deposit Insurance Fund on track to reach statutory minimum before deadline

April 25, 2024 0

The federal bank deposit insurer’s Deposit Insurance Fund (DIF) reserve ratio grew from 1.11% June 2023 to 1.15% in December and remains on track to return to its statutory minimum of 1.35% before its statutory deadline of Sept. 30, 2028, [...]
Competing proposals to change rules on Bank Control Act withdrawn after neither can win majority of FDIC Board votes

April 25, 2024 0

Neither of two competing proposals for changes to the federal bank deposit insurer’s rules implementing the Bank Control Act (BCA) were adopted Thursday by the agency’s board after sponsors of the two proposals withdrew them, largely after it became apparent [...]
CFPB’s consumer panel to meet May 15

April 25, 2024 0

A public meeting of the Consumer Advisory Board (CAB) of the federal consumer financial protection agency is slated for May 15 from 10:30 a.m. to 1 p.m. Eastern. CAB is charged with advising and consulting with the Consumer Financial Protection [...]
Bureau asserts scrutiny of mortgage servicing fees having impact; declines in overdraft, NSF fees leveling off

April 24, 2024 0

More than $120 million in junk fee refunds since August from bank account deposits has resulted in the federal consumer financial protection agency’s supervision work on the charges, the agency said in a release Wednesday. Meanwhile, the agency said, fees [...]
4 named to FDIC MDI subcommittee; panel to meet May 1

April 24, 2024 0

Four bankers have been named to the minority depository institutions (MDI) panel that provides feedback to the Federal Deposit Insurance Corp. (FDIC) on how the agency fulfills its statutory goals to support MDIs, the FDIC announced Wednesday. The new members [...]
Agencies give extension to comment period for Capitol One’s proposed purchase of Discover

April 24, 2024 0

The acquisition of Discover Financial Services by a large, Virginia-based banking firm will be subject to public comment through May 31, federal banking regulators said separately Wednesday. The Federal Reserve Board and the Office of the Comptroller of the Currency [...]

Related