In an interview with Information Security Media Group, William Henley, Associate Director of the Federal Deposit Insurance Corporation’s (FDIC) Technology Supervision Branch, discussed the status of the banking industry’s implementation of FFIEC authentication guidance released in July 2011.  Henley generally said that the industry was working towards compliance and offered that FDIC examiners at this stage were looking for good faith efforts to comply:  “What the examiners were looking for were reasonable, good faith efforts that an institution was working toward compliance….If any institution was working toward a compliance plan, that’s all they needed to do.”

He also described the federal banking agencies’ move away from “controls-based oversight” to “governance-based oversight.”  The agencies do not want to be in the position of constantly reacting to the newest form of technology through the issuance of internal controls guidance tailored to the technology.  Instead, the agencies would prefer to address emerging technology risks through requirements relating to robust risk management, board oversight, and broader risk mitigation strategies that can address any form of emerging technology.

The federal banking agencies have prioritized information security highly.  We will continue to monitor and report on developments.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Mike Nonaka Mike Nonaka

Michael Nonaka is a partner in the firm’s Financial Institutions practice group. He represents banks and other financial institutions on a wide variety of bank regulatory, enforcement, legislative and policy issues.  Mr. Nonaka also is co-chair of the firm’s Fintech Initiative and works…

Michael Nonaka is a partner in the firm’s Financial Institutions practice group. He represents banks and other financial institutions on a wide variety of bank regulatory, enforcement, legislative and policy issues.  Mr. Nonaka also is co-chair of the firm’s Fintech Initiative and works with a number of banks, lending companies, money transmitters, payments firms, technology companies, and service providers on innovative technologies such as big data, blockchain and related technologies, bitcoin and other virtual currencies, same day payments, and online lending.