Welcome to BankInfoSecurity's FFIEC Guidance Resource Center!

The latest news, views and education on the Federal Financial Institutions Examination Council's latest guidance on the risks and risk management controls necessary to authenticate services in an Internet banking environment.

Full Text of Final Guidance

Enhancing Approval Rates: Best Practices In An Accelerated eCommerce Environment

Information Security Media Group • July 28, 2020

View this OnDemand webinar on the role that merchants and issuers play in enhancing approval rates.

Endpoint Security

Webcast: Keeping Remote Workers Safe and Your Work Secure

Latest

Business Continuity Management / Disaster Recovery

Webinar | 4 Actions to Secure Work from Home Employees

Information Security Media Group • April 27, 2020

This informational webinar will outline 4 actions you can take today to keep employees secure and productive during these challenging times, with tips straight from your identity and access management peers.

3rd Party Risk Management

Fraud Thrives in a Crisis - Why The Insurance Community Needs to Stay Vigilant

Dennis Toomey, Global Director, Counter Fraud Analytics and Insurance Solutions, BAE Systems Applied Intelligence • April 21, 2020

Alongside the sad and vast expense of legitimate claims, it is an unfortunate fact that in times of economic hardship, people have a history of taking any opportunity to exploit financial institutions for ill-gotten gain.

3rd Party Risk Management

Third-Party Risk Management: How to Grow a Mature Program

Information Security Media Group • April 7, 2020

Enterprises globally recognize the challenge of third-party cyber risk, but they still struggle with the risk management. Dave Stapleton of CyberGRX discusses the elements of a mature program, including the role of risk ratings.

Fraud Management & Cybercrime

Social Engineering's Role in Cyber Fraud - And What We Are Doing About It

James Hatch, BAE Systems Applied Intelligence • March 26, 2020

As outlined in our Vision for Tackling Cyber Fraud last year, social engineering - a prime example of industrialized criminal deception - is leaving modern society vulnerable in two separate ways.

COVID-19

Mobility and the Government Challenge

Information Security Media Group • March 10, 2020

Federal government agencies face unique cybersecurity risks, and as a result they often place tight restrictions on mobile devices in the workplace. Michael Campbell of Privoro says it's time to loosen these restrictions because they are negatively impacting missions, recruitment and retention.

Account Takeover

The Financial Services Security Disconnect

Nick Holland • March 5, 2020

A key disconnect exists between awareness of financial services fraud schemes and mitigation, according to the latest "Faces of Fraud" survey sponsored by Appgate. Mike Lopez, vice president at the firm, describes some key findings.

Anti-Money Laundering (AML)

Bringing Outsiders Into Your Compliance Team: Four Considerations

Richard Graham - Head of North American Business Solutions, BAE Systems Applied Intelligence • February 11, 2020

Money Laundering investigators are in high demand: banks and other financial institutions have spent almost two decades hiring more and more of them.

Finance & Banking

Is AI The Ultimate Weapon in The Fight Against Financial Crime?

Gareth Evans • December 20, 2019

No matter how good the lock on your door, sooner or later someone can break in. When they do, how do you monitor them?

Finance & Banking

Cyber Ground Truth in the Financial Sector

Information Security Media Group • December 18, 2019

3rd Party Risk Management

Is your Organization Suffering From Third-Party "Compliance Drift"?

Tony Howlett • December 13, 2019

Third-party vendors accessing your most critical systems and networks can also bring in security incidents along with all those wonderful things they promised in the sales presentation.

Cybercrime

NCSC Investigated 658 Serious Cybersecurity Incidents

Mathew J. Schwartz • October 23, 2019

The National Cyber Security Center, the U.K.'s national computer emergency response team, investigated 658 serious cybersecurity incidents in a 12-month period and supported nearly 900 victim organizations - most of whom learned they had fallen victim after being alerted by the center.