Credit unions can soon expect “enhanced expectations” about Internet security when NCUA examiners come calling.
NCUA Chairman Debbie Matz made that promise after the FFIEC issued new guidelines this week for securing online banking and money transfer channels.
Matz is chair of the multi-agency panel that issued the new document, which updates guidance issued in 2005. The FFIEC doesn’t recommend any specific software solutions in the report but said it has instructed its member agencies, including the NCUA, to formally assess financial institutions based on the new guidance beginning in January 2012.
“Federal financial regulators issued updated guidance to address Internet threats which have changed significantly over the past several years,” Matz said. “Sophisticated hacking techniques and growing organized cyber-criminal groups are increasingly targeting financial institutions, compromising authentication mechanisms and security controls, and engaging in online account takeovers and fraudulent electronic funds transfers.”
The 12-page report notes that not all transactions in the growing online channel involve the same measure of risk and recommends financial institutions increase the strength of their controls as the risk increases. Measures expected include layered security programs that involve fraud detection and monitoring systems, dual customer authorization through different access devices, out-of-band verification for transactions, and debit blocks and other techniques to screen or limit the amount of transactions.
As for the NCUA, “For federally insured credit unions, they will be expected to adapt appropriate strategies from the supplement to strengthen and enhance controls by January 2012,” Matz said. “Beginning in 2012, at credit unions offering electronic services, NCUA examiners will evaluate these controls under the enhanced expectations outlined in the supplement.”
The FFIEC makes policy recommendations to attempt to achieve greater uniformity in regulatory policies. It is made up of representatives from five federal regulatory agencies and one representative of state regulators.
The agencies represented are the NCUA, the FDIC, the Office of the Comptroller of the Currency, the Office of Thrift Supervision and the State Liaison Committee. Texas Credit Union Commissioner Harold Feeney serves on that committee with four other state regulators.