MONTH-IN-BRIEF (Aug 2021)
FFIEC Issues New Guidance on Authentication and Access to Financial Services and Systems
By Eric Mogilnicki & Uttara Dukkipati, Covington & Burling LLP
On August 11, 2021, the Federal Financial Institutions Examination Council (“FFIEC”) issued guidance to provide financial institutions with examples of effective risk management principles and practices for access and authentication. As described by the FFIEC, “These principles and practices address business and consumer customers, employees, and third parties that access digital banking services, and financial institution information systems.” The guidance acknowledges “significant risks associated with the cybersecurity threat landscape,” including increased remote access, that reinforce the need for financial institutions to effectively authenticate users and customers to protect information systems, accounts, and data. The guidance emphasizes the importance of the financial institution’s risk assessment to determine appropriate access and authentication practices.