Following hacks, FFIEC issues security bulletin

The Federal Financial Institutions Examination Council (FFIEC), on behalf of its members,1 today issued the attached statement, in light of recent cyber attacks, to remind financial institutions of the need to actively manage the risks associated with interbank messaging and wholesale payment networks.

Be the first to comment

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Financial institutions should review their risk management practices and controls over information technology (IT) and wholesale payment systems networks, including authentication, authorization, fraud detection, and response management systems and processes. The statement emphasizes that participants in interbank messaging and wholesale payment networks should conduct ongoing assessments of their ability to mitigate risks related to information security, business continuity, and third-party provider management.

Note for Community Banks
This guidance is applicable to all OCC-supervised institutions that use interbank messaging and wholesale payment networks either directly or through service providers.

Highlights

  • In accordance with existing regulatory expectations and FFIEC guidance, national banks and federal savings associations should take appropriate risk mitigation steps, including
  • conducting ongoing information security risk assessments.
  • performing security monitoring, prevention, and risk mitigation.
  • protecting against unauthorized access.
  • implementing and testing controls around critical systems regularly.
  • managing business continuity risk.
  • enhancing information security awareness and train 
Sponsored [New Whitepaper] APIs, Automation, and AI: An Arsenal to Defend Against Card Transaction Fraud

Comments: (0)

[Webinar] Ensuring Interoperability in the Age of Global, Cross-Border e-InvoicingFinextra Promoted[Webinar] Ensuring Interoperability in the Age of Global, Cross-Border e-Invoicing