On August 11, 2021, the Federal Financial Institutions Examination Council (the “FFIEC”) issued, for the first time in over a decade, new guidance on risk management principles for access to and authentication of electronic funds transfers, titled Authentication and Access to Financial Institution Services and Systems (the “New Guidance”).[1] The New Guidance effectively replaces the FFIEC’s prior guidance on this topic, including its original guidance issued in 2005, Authentication in an Internet Banking Environment (the “Original Guidance”), and the supplement issued in 2011 in response to increased fraud in Internet-based financial transactions (the “Supplement,”[2] and together with the Original Guidance, the “Guidance”). The Guidance was intended to set regulatory expectations for financial institutions offering Internet-based financial services to both commercial and consumer customers.
Scott R. Fryzel
Scott Fryzel is a member of the firm's Financial Industry Group. He represents national and state-chartered banks, foreign banks, credit unions, fintech companies and other financial institutions in a broad array of issues from core banking services to innovative financial products and alternative delivery channels. Mr. Fryzel is distinguished in the industry for specializing in fintech initiatives such as loan programs and payment processing, treasury management services, regulatory, outsourcing, vendor and client services agreements, and trade services transactions and processing. He advises clients on regulatory compliance with respect to institutional and policy matters, including guidance on issues for directors and senior officers, and the consumer regulations of the CFPB, OCC, FDIC, and the Federal Reserve. He regularly drafts agreements for commercial and consumer deposit products, card programs, and structured deposits as well as outsourcing projects and white-label programs.
Considerations for Financial Institutions Regarding Security Procedures for a Remote Workforce
We regularly work with financial institutions to navigate the challenges of implementing, maintaining, and using security procedures for commercial customers’ use of treasury management services. Security procedures are an integral part of the relationship between the financial institution and its commercial customers. Financial institutions offer commercial customers (and frequently require them to use) the institution’s security procedures, which are agreed to be commercially reasonable, to originate payment orders (e.g., wire transfers and ACH Entries) from the customers’ accounts.
Issues often arise when one or more of a customer’s authorized users is not able to use his standard security procedures to access a financial institution’s physical or electronic payments systems to either originate or confirm a payment order. Due to the COVID-19 outbreak and concern over the implementation of preventative measures, including more companies asking or requiring employees to work remotely, financial institutions should consider which of their customers may need to update, amend or supplement the ways that they can make payments, whether through adding authorized users or implementing alternative methods to send payment orders.