Question: I already perform Risk Assessments as required by the FFIEC Handbook. Does this mean that I'm in compliance with the October 2005 FFIEC Guidance "Authentication in an Internet Banking Environment"?
Answer: Unfortunately, no. Banks have been required to perform various risk assessments by current FFIEC IT Handbook procedures; however, the Risk Assessment required by this guidance is different. Most banks currently perform an inward-facing risk assessment that examines threats and vulnerabilities posed to their internal systems by hackers or other unethical individuals. This guidance looks at the possibility that someone can access online (and other electronic) systems by easily posing as a legitimate customer. The risk assessment must be performed on a transaction-by-transaction basis, from the customer access perspective. Key indicators of whether a transaction is deemed "high-risk" are the ability to transfer funds or the disclosure of personal non-public information. In short, this is a new risk assessment that must be performed on all electronic delivery channels and that will drive the bank's mitigation strategy. In addition, to be fully compliant, the risk assessment must be complete, and the mitigation strategy must be implemented, by year-end 2006.
CC Pace is a financial services consulting firm whose clients include members of the Fortune 100, as well as industry entrants and mid-size firms. CC Pace provides the banking industry the information and services you need to stay competitive in your markets using the best and most secure risk management and mitigation technologies. For additional information please visit our website at www.ccpace.com, call us at 703-631-6600, or email us at info@ccpace.com.