FFIEC Cybersecurity Compliance
FFIEC (Federal Financial Institutions Examination Council) compliance is the conformance to a set of standards used in online banking that were first issued in 2005 by the aforementioned organization, on behalf of the Board of Governors of the Federal Reserve System, the Federal Depositor Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, and the Consumer Financial Protection Bureau. As security needs expand due to the growth of the internet, it is important to verify FFIEC cybersecurity compliance.
Organizations use Threatcare’s Breach and Attack Simulation Technology (BAS Technology) to validate their cybersecurity. Threatcare is the leader in proactive cyber defense; their platform enables users to safely simulate events on their systems to ensure that they are safe from malicious attacks.
Compliance standards require a multi-factor authentication (MFA) due to the fact that single-factor authentication (SFA) has proved unsatisfactory against tactics being used by hackers who are increasingly sophisticated, particularly online.
In MFA, then, more than one form of authentication is used to verify the legitimacy of a transaction, whereby SFA just involves a user identification and a password.
Comprehensive assessments of the internal environment of institutions must be carried out in order to determine whether they are FFIEC compliant. These identify potential weaknesses and threats to systems. Afterward, goals must be set and fixes to problems implemented, while periodic risk assessments performed to ensure adequate system security.
One outstanding feature of FFIEC compliance is a requirement that encryption be used in all online transaction processing (OLTP) that are done by financial institutions. This is a large part of FFIEC cybersecurity compliance. Furthermore, the level of encryption has to be strong enough to prevent unauthorized disclosure within a financial institution’s internal networks as well as among shared external networks.
Financial networks are required to pay close attention to 11 areas of compliance:
- Business continuity planning
- Development and acquisition
- Information security
- Electronic banking
- IT audit
- IT management
- Outsourcing of technology services
- Supervision of technology service providers
- Retail payment systems
- Wholesale payment systems
In 2004, the council updated its technology exam manual to catch up with the rapidly increasing pace of technology advancement that was taking place especially at financial institutions and technology service providers. That resulted in the FFIEC Examination Handbook.
The council is a formal interagency body that has been charged with prescribing uniform principles, standards and reporting forms for the federal examination of financial institutions. Also, the council has been empowered as well to make recommendations to promote more uniformity regarding examination principles and standards for both federal and state supervisory authorities.
Learn more about why organizations use Threatcare to verify compliance.