FFIEC Guidance: Exams Have Begun

Are Institutions Prepared to Meet Minimum Requirements?

Banking regulators have begun examining institutions for conformance to the FFIEC Authentication Guidance. What gaps will they find? Terry Austin of Guardian Analytics offers insight and security tips.


At its core, the 2011 authentication guidance supplement prescribes just two minimum requirements for layered security programs: the ability to detect and respond to anomalous activity, and enhanced controls for system administrators.

Yet, nearly a year after the supplement was issued, many banking institutions still are not prepared to meet these two requirements - and their lack of preparation will hurt them when examiners come calling.

"There are a lot of institutions that just aren't ready," Austin says. "They haven't done the groundwork, and they're going to be scrambling in 2012 to get ready for their exams and to conform [with the guidance]."

The issue for many institutions: too many fraud threats and compliance mandates make it hard to focus on any one area. But Austin believes institutions can improve both security and compliance by homing in on meeting these two minimum FFIEC standards for layered security.

"If the research is done and action is taken, it's pretty easy to meet those minimum requirements," Austin says. "Then you can move on to the risk assessments and layered security approaches to address some of the other risks."

In an exclusive video interview recorded at RSA Conference 2012, Austin discusses:

  • Fraud prevention gaps prevalent at many institutions;
  • Positive results of a recent FFIEC exam of one of Guardian's bank customers;
  • How to prepare for growing mobile banking threats.

Prior to joining Guardian Analytics, Austin served as CEO and president of MarketLive, a leading provider of eCommerce platform solutions, where he created a scalable business strategy, assembled a world-class executive team and led successful fundraising efforts. He was previously president of worldwide marketing and sales at Good Technology, a provider of mobile computing solutions, where he spearheaded the company's rapid growth from 10,000 to over 500,000 subscribers and facilitated its acquisition by Motorola in January 2007. Austin has also served as president of EMEA and executive vice president for Manugistics, a market-leading provider of enterprise software. He started his career at Accenture, where he ultimately led an $80 million consulting practice as a lead partner.

About the Author

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.
