FFIEC – Issued Guidance on Authentication and Access to Financial Institution Services and Systems

August 11, 2021 – FFIEC issued guidance to provide examples of effective authentication and access risk management principles, practices for digital banking/information systems. The new guidance replaced previous documents issued in 2005 and 2011.

Guidance Highlights: Highlights the importance of a risk assessment to determine appropriate access and authentication practices for a wider range of users, including customers and employees. The adoption of layered security is an important security practice -multifactor authentication can effectively mitigate customer and user unauthorized access. Discussed the current cybersecurity threat environment, including attacks that leverage compromised user and customer credentials, remote access, and other concerns. Included examples of authentication controls, a list of resources, and references to assist financial institutions with authentication and access management.

For more information, visit www.ffiec.gov.

Discover More Regulatory Insights

Visit the AxiomSL resource center for recent Regulatory Changes for financial institutions, InsideView Blog, and Thought Leadership.

We use cookies in order to give you the best possible experience on our website. By continuing to use this site, you agree to our use of cookies.