FFIEC Authentication Guidance: Customer Education - Developing a Program That's Effective and Meets Regulatory Expectations

FFIEC Authentication Guidance: Customer Education - Developing a Program That's Effective and Meets Regulatory Expectations
For too long, banking institutions have paid only lip service to the need for developing information security awareness and education programs for their customers.

But now, as directed by the FFIEC Authentication Guidance, institutions as of January 2012 are expected to manage a robust awareness and education effort for retail and commercial customers alike.

But what is an effective awareness/education program, and how can it be rolled out online and in person to the customers who need it most?

Join an information security leader at a major U.S. bank for practical insights on how to:

  • Assess the awareness/education needs of retail and commercial customers;
  • Create an effective program that includes online, print and in-person components;
  • Develop an education and awareness strategy that is regularly updated and improved by customer feedback;
  • Develop a program that meets the regulatory requirements.

See Also: OnDemand | Overcoming the Limitations of Addressing Insider Threat in Banking: Real Solutions for Real Security Challenges

The entire FFIEC Guidance series:


When it comes to information security risks to retail and commercial customers, awareness and education programs have been much like the proverbial weather. Many institutions talked about these programs, but few implemented successful ones.

But now, with the advent of the 2011 supplement to the FFIEC Authentication Guidance, banking regulators are putting institutions on notice that they now will be examined on the efficacy of their customer education programs.

In part, this new emphasis is in response to the recent spate of ACH/wire fraud incidents, which defrauded unsuspecting commercial customers - many of whom did not realize their losses were not automatically reimbursed by the institutions. The new guidance calls for customer awareness and educational efforts tailored for retail and commercial account holders and, at a minimum, to include these elements:

  • An explanation of protections provided - and not provided - to accountholders;
  • An explanation of how and why the institution might contact a customer on an unsolicited basis and ask for the customer's electronic banking credentials;
  • Advice for commercial online banking customers to perform periodic risk assessments;
  • A listing of risk control mechanisms that customers may consider implementing to mitigate their own risk, or at the very least a listing of available resources where such information can be found;
  • A contact list for customers to use if they notice suspicious account activity or experience any security-related events.

To offer practical tips from his own institution's experience, Joe Rogalski of First Niagara Bank will outline his robust customer education/awareness program and show how - and where - it touches retail and commercial customers in multiple forms.

Webinar Registration

Premium Members Only

OnDemand access to this webinar is restricted to Premium Members.

Join Now to Access
Have an account? Sign in.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.