On August 11, 2021, the Federal Financial Institutions Examination Council (the “FFIEC”) issued new guidance on risk management principles for access to and authentication of electronic funds transfers for the first time in over a decade, titled Authentication and Access to Financial Institution Services and Systems (the “New Guidance”).[1] The New Guidance effectively replaces the FFIEC’s prior guidance on this topic, including its original guidance issued in 2005, Authentication in an Internet Banking Environment (the “Original Guidance”), and the supplement issued in 2011 in response to increased fraud in Internet-based financial transactions (the “Supplement,”[2] and together with the Original Guidance, the “Guidance”). The Guidance was intended to set regulatory expectations for financial institutions offering Internet-based financial services to both commercial and consumer customers.
Continue Reading An Enhanced Standard of Commercial Reasonableness for Security Procedures? The FFIEC Updates Its Authentication Guidance for Internet-Based Financial Services
Lindsay S. Henry
Lindsay Henry is a senior counsel in Dykema’s Financial Industry Group. Her experience includes counseling state and national banks, fintech companies and a variety of other financial institutions and financial services providers on regulatory issues and compliance, consumer credit transactions, deposit products, bank mergers and acquisitions, licensing, regulatory applications, technology contracting, payment processing, fair lending and privacy matters, digital banking, mortgage lending and servicing, stored value products and marketplace lending arrangements.
Considerations for Financial Institutions Regarding Security Procedures for a Remote Workforce
We regularly work with financial institutions to navigate the challenges of implementing, maintaining, and using security procedures for commercial customers’ use of treasury management services. Security procedures are an integral part of the relationship between the financial institution and its commercial customers. Financial institutions offer commercial customers (and frequently require them to use) the institution’s security procedures, which are agreed to be commercially reasonable, to originate payment orders (e.g., wire transfers and ACH Entries) from the customers’ accounts.
Issues often arise when one or more of a customer’s authorized users is not able to use their standard security procedures to access a financial institution’s physical or electronic payments systems to either originate or confirm a payment order. Due to the COVID-19 outbreak and concern over the implementation of preventative measures, including more companies asking or requiring employees to work remotely, financial institutions should consider which customers may need to update, amend or supplement the ways that they can make payments, whether through adding authorized users or implementing alternative methods to send payment orders.