The Field Report with Tom Field

Conforming with the FFIEC Authentication Guidance

3 New Webinars to Help Institutions and Vendors Meet the Deadline

On June 28, the Federal Financial Institutions Examination Council (aka the FFIEC) released its final, formal version of its Supplement to Authentication in an Internet Banking Environment (aka FFIEC Authentication Guidance). Not even one month later, we've created three new training programs to help banking institutions understand and conform with the new guidance.

Hey, big news requires special treatment. There's no bigger news in our corner of the industry this year than the FFIEC's long-awaited update. And, frankly, there couldn't be much more urgency for institutions to take action. Banks and credit unions have only until January 2012 to begin demonstrating conformance with the guidance.

Recognizing both the significance and urgency of this new guidance, we quickly huddled with our subject matter experts and crafted three unique training sessions. One is led by the FDIC's Jeff Kopchik - leader of the team that crafted the new guidance. The other two sessions are led by well-regarded banking/security leaders, Matthew Speare of M&T Bank and Philip Alexander of Wells Fargo Bank. Here are quick overviews of the three new webinars:

FFIEC Authentication Guidance: FDIC on Understanding and Complying with the 2011 Update

In the wake of devastating cyber attacks and fraud losses to banking institutions and customers, the FFIEC has issued its first online authentication guidance since 2005. Banking regulators will begin assessing institutions using this new guidance in 2012, so it's imperative to attend this session to gain expert insight from one of the supplement's key authors, Jeff Kopchik of the FDIC, on:
  • How the 2011 guidance differs from 2005's;
  • The core elements of the new guidance, including risk assessments, layered security, multifactor authentication and customer awareness;
  • Strategies for protecting commercial/retail customers and satisfying the guidance.

Following the main presentation, Kopchik will join Matthew Speare of M&T Bank for an open discussion of what this new guidance means for banking institutions.

FFIEC Authentication Guidance: How to Prepare for Your Next Exam

Upon issuing its 2011 update to online authentication guidance, the FFIEC put banking institutions on notice: Examiners will assess how institutions satisfy these enhanced expectations starting in January 2012. So, how should banking/security leaders go about meeting these new directives and ensuring the security of their retail and commercial customers?

Hear from Matthew Speare of M&T Bank on:

  • How to assess your institution's current level of compliance with the new guidance;
  • What "layered security" means to your institution;
  • How to differentiate security controls between commercial and consumer accounts.

Vendors' Guide to the FFIEC Authentication Guidance

For banking institutions, the release of the 2011 FFIEC Authentication Guidance is a game-changer, handing down new standards for layered security controls, risk assessments, authentication techniques and customer awareness. But what does all this mean to technology vendors and third-party service providers?

Hear from Philip Alexander of Wells Fargo Bank on:

  • What this new guidance means for banking institutions' vendors;
  • The unique security/risk management challenges facing institutions of all sizes;
  • How vendors can help institutions prepare for their 2012 regulatory examinations.

These sessions will be offered at various times throughout the coming months, so please consult our training calendar for a date and time convenient for you.

Meanwhile, be sure to check out our FFIEC Authentication Guidance resource center for the latest news, views and training on the hottest regulatory guidance of the year.

We were the first to cover this guidance when it was inadvertently released in draft form last December. And since the formal guidance was released in June, no news organization has produced more stories, interviews, blogs - or training sessions - relevant to the FFIEC Authentication Guidance.

Let us be your first and last stop en route to January 2012.

About the Author

Tom Field

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.