FFIEC and NIST Guidance: Mobile and Digital Requirements
Report Summary
The regulator seeks to ensure that FIs’ risk management strategies adequately protect customers using the mobile channel.
Boston, April 26, 2017 – Though many financial institution executives initially believed that the mobile channel could be secured by the same technologies designed to protect the online environment, time has shown that such is not the case. The U.S. Federal Financial Institutions Examination Council published its handbook on security in the mobile channel in May 2016, and a couple of months later, the National Institute of Standards and Technology released its proposed update to federal agencies’ digital authentication requirements. What do FIs need to do to comply with the FFIEC’s requirements? And can the NIST guidelines support their strategic planning for authentication and digital protection?
This report demystifies the guidance from the FFIEC and NIST, and is based on analysis of the FFIEC’s published mobile guidance, NIST’s draft digital authentication guidelines, and telephone interviews with executives in the financial services industry.
This 21-page Impact Note contains three figures and three tables. Clients of Aite Group’s Fraud & AML service can download this report, the corresponding charts, and the Executive Impact Deck.