Today, NACHA -The Electronic Payments Association, released a resource to support financial institutions with ongoing efforts to refine their implementation of the provisions of the Federal Financial Institutions Examination Council (FFIEC) Supplement to Authentication in an Internet Banking Environment.
The resource, developed by NACHA's Risk Management Advisory Group, identifies sound business practices that financial institutions could use to create internal policies and procedures in response to guidance in the Supplement. The guidance requires financial institutions to complete periodic risk assessments, establish layered security controls, and educate customers on various forms of potential fraud.
In October 2005, the FFIEC issued the original Authentication in an Internet Banking Environment Guidance. The 2005 Guidance provided a risk management framework for financial institutions offering Internet-based products and services to their customers. On June 28, 2011, the FFIEC issued a Supplement to the 2005 Guidance. The purpose of the Supplement is to reinforce the risk-management framework described in the original guidance and update the FFIEC member agencies' supervisory expectations regarding customer authentication, layered security, and other controls in the online environment.
"A year after issuance of the FFIEC Supplement, many financial institutions are still looking for greater clarity around elements of the guidance and, as a result, are still working to fully implement the requirements," said Tina Giorgio, Senior Vice President, Sandy Spring Bank and member of NACHA's Risk Management Advisory Group. "Clear understanding is critical to improving online banking security per the requirements outlined in the Supplement."
NACHA's Sound Business Practices for Implementing Provisions of the Supplement provides financial institutions with a clear framework to implement the provisions of the FFIEC Supplement. Specifically, it offers financial institutions a side-by-side representation of key points of the Supplement, parties affected by each point, any applicable requirement per the NACHA Operating Rules, and sound business practices to adhere to the points outlined in the Supplement.
"We are pleased to partner with the financial industry an and offer this straightforward resource intended to support the efforts of financial institutions as they work to appropriately utilize online security controls and conform to FFIEC guidance," said Janet O. Estep, NACHA President and CEO. "The use of appropriate, layered controls will help financial institutions minimize risk, reduce potential future fraud, and retain confidence in electronic banking and payments systems."