Information Security: FFIEC Statement on Authentication and Access to Financial Institution Services and Systems

The Office of the Comptroller of the Currency (OCC), along with the other Federal Financial Institutions Examination Council (FFIEC) members,¹ today issued guidance addressing authentication and access to financial institution services and systems. The cybersecurity threat landscape continues to present significant risks to financial institutions, reinforcing the need for financial institutions to effectively authenticate and control access for users and customers to protect information systems, accounts, and data.

The FFIEC guidance provides risk management principles and practices that support a financial institution’s authentication of (1) users accessing financial institution information systems, including employees, board members, third parties, and other systems, and (2) consumer and business customers accessing digital banking services.

Rescissions

The guidance replaces the FFIEC members’ 2005 guidance, “Authentication in an Internet Banking Environment,” and 2011 guidance, “Supplement to Authentication in an Internet Banking Environment.” Also rescinded are OCC Bulletin 2005-35, “Authentication in an Internet Banking Environment: Interagency Guidance,” and OCC Bulletin 2011-26, “Authentication in an Internet Banking Environment: Supplement,” which conveyed the 2005 and 2011 guidance, respectively.

Note for Community Banks

The guidance applies to community banks.²

Highlights

The guidance highlights

The guidance appendix includes examples of authentication controls and a list of government and industry resources and references to assist financial institutions with authentication and access management.

Further Information

Please contact Norine Richards, Director of Bank Information Technology Policy, or Kevin Greenfield, Deputy Comptroller for Operational Risk, at (202) 649-6550.

Grovetta N. Gardineer
Senior Deputy Comptroller for Bank Supervision Policy

1 The FFIEC comprises the principals of the Board of Governors of the Federal Reserve System, Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, and State Liaison Committee.

2 “Banks” refers collectively to national banks, federal savings associations, and federal branches and agencies of foreign banking organizations.
