FFIEC Guidance of Online Banking Environments

Answered by:

Question:

Under the updated FFIEC guidance for online banking environments, are individuals operating DBA's that do not engage in high risk transactions, such as ACH/Wire origination, required to have the same layers of security as larger commercial accounts? The guidance seems to suggest that all commercial accounts require enhanced security. However, most of the small DBA's function as individuals with limited online banking activity.

Answer:

The security ought to be appropriate to the level of risk involved. The more access the customer has or may have to online systems, the more controls and security there should be imposed.

First published on BankersOnline.com 11/28/11