The Federal Financial Institutions Examination Council (FFIEC) released the long-awaited supplement to its authentication guidance, Authentication in an Internet Banking Environment.  The supplement represents the most current and authoritative guidance regarding data security in connection with online banking platforms. 

Here are a few highlights of the supplement:

  • Financial institutions should perform periodic risk assessments that take into account, among other factors, changes in the internal and external threat environment. 
  • Institutions should implement more robust controls for business and commercial banking as opposed to retail and consumer banking. 
  • Institutions should implement a layered approach to security for high-risk Internet-based banking applications, including processes to detect and respond to anomalies and tighter access controls for administrative functions. 
  • The supplement discusses the effectiveness of authentication techniques such as device identification and challenge questions. 

The federal banking regulators are expected to more closely scrutinize banking institutions’ security practices, especially in light of recent data breaches affecting the industry, and to use the supplement in conducting examinations.  

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Mike Nonaka Mike Nonaka

Michael Nonaka is co-chair of the Financial Services Group and advises banks, financial services providers, fintech companies, and commercial companies on a broad range of compliance, enforcement, transactional, and legislative matters.

He specializes in providing advice relating to federal and state licensing and…

Michael Nonaka is co-chair of the Financial Services Group and advises banks, financial services providers, fintech companies, and commercial companies on a broad range of compliance, enforcement, transactional, and legislative matters.

He specializes in providing advice relating to federal and state licensing and applications matters for banks and other financial institutions, the development of partnerships and platforms to provide innovative financial products and services, and a broad range of compliance areas such as anti-money laundering, financial privacy, cybersecurity, and consumer protection. He also works closely with banks and their directors and senior leadership teams on sensitive supervisory and strategic matters.

Mike plays an active role in the firm’s Fintech Initiative and works with a number of banks, lending companies, money transmitters, payments firms, technology companies, and service providers on innovative technologies such as bitcoin and other cryptocurrencies, blockchain, big data, cloud computing, same day payments, and online lending. He has assisted numerous banks and fintech companies with the launch of innovative deposit and loan products, technology services, and cryptocurrency-related products and services.

Mike has advised a number of clients on compliance with TILA, ECOA, TISA, HMDA, FCRA, EFTA, GLBA, FDCPA, CRA, BSA, USA PATRIOT Act, FTC Act, Reg. K, Reg. O, Reg. W, Reg. Y, state money transmitter laws, state licensed lender laws, state unclaimed property laws, state prepaid access laws, and other federal and state laws and regulations.