August 16, 2021

Regulators offer guidance on authentication and access to FI services

securityLast week, the Federal Financial Institutions Examination Council (FFIEC) issued guidance that provides financial institutions with examples of effective authentication and access risk management practices for customers, employees, and third parties accessing digital banking services and information systems.

The guidance highlights:

  • the current cybersecurity threat environment;
  • the importance of a financial institution's risk assessment when determining appropriate access and authentication practices for the wide range of users accessing financial institution systems and services;
  • the strength in multi-factor authentication effectively mitigating risks; and
  • examples of authentication controls.

In addition, the FFIEC outlined a list of industry resources to assist financial institutions with access management.

The new guidance replaces previous documents issued in 2005 and 2011.