Today's fraudsters are more agile and adaptive than ever before. Defensive innovation is quickly being outpaced, and fraud continues to be a daunting threat to financial institutions.

With new technologies emerging every day, it is critical for organizations to harden their systems against fraud, so that a breach causes minimal loss and their clients get a secure experience.

Changing regulations and updated guidelines from the FFIEC are intended to help with this, but sometimes just make the situation more daunting.

According to a recent BankInfoSecurity survey, 29 percent of the 200 financial leaders surveyed said that they still don't understand what regulators want in terms of FFIEC conformance, and 88 percent don't believe conformance will do much to curb online fraud.

We need to reach a landscape where organizations have a clear understanding of compliance requirements, how these will bolster their security and what more they can do to go beyond simply checking boxes off a guideline list. It's critical to be able to adapt to new risks and attack vectors, and FFIEC compliance is the first step in thwarting these threats.

To help smooth the journey ahead, here are five necessary steps organizations need to take to navigate the road to compliance.

Risk Assessment: The first step to FFIEC compliance, and to a robust fraud prevention program, is to conduct periodic risk assessments. It's important to know what you're up against; fraud threats, especially in the online world, evolve rapidly, and your organization needs to adapt as new threats emerge. This also includes understanding the impact of changes in the banking ecosystem, such as the increased adoption of mobile banking and shifting usage patterns of your customer base.

Layered Security: Once you've assessed the current threat landscape and your organization's vulnerabilities, constructing your security strategy is the next step. A layered approach means no single control is load-bearing: if one layer is bypassed or fails, the others still stand between the attacker and the account.

This approach should combine a variety of authentication techniques (such as dual customer authorization through different device access, or out-of-band verification for transactions), account activity controls (such as "positive pay," transaction value and frequency thresholds, allowable payment windows, control over account maintenance activities performed by customers or service channels, etc.) and policies and practices such as customer history monitoring and effective customer education.

Vigilant Monitoring: Even the best security solutions won't do much good without monitoring and analysis to respond to threats when they are identified. With security systems and protocols in place, vigilant monitoring of transactions, customer behavior patterns, account activity and access to admin functions will reveal anomalies and possible threats in progress, as well as potential areas of future vulnerability.

Complex Device Identification: Device identification can serve as a factor in multifactor authentication or as a trigger for transaction verification. It's critical that the solution you rely on goes beyond cookies or IP addresses alone, since cookies can be cleared or copied and IP addresses change, and instead takes into account device-specific parameters in order to recognize known devices and detect compromised or fraudulent ones.
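The three technical layers described above (account activity thresholds and payment windows, customer history monitoring, and device identification that does not rely on the cookie or IP alone) combined into one transaction screen, as an added Python example. This is not code from the article or from 41st Parameter's products; the thresholds, the device attributes used for the fingerprint, the three-sigma anomaly rule and all sample transactions are constructed assumptions for illustration.

```python
"""Added example (not from the article or 41st Parameter): one transaction
screen stacking account-activity controls, history monitoring and device
identification. All thresholds, field names and sample data are constructed."""
import hashlib
import statistics
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Device:
    # cookie_id and ip are carried but are the weakest identifiers:
    # cookies get cleared or replayed, and IP addresses change.
    user_agent: str
    screen: str
    timezone: str
    fonts_hash: str
    cookie_id: str
    ip: str


def device_fingerprint(d: Device) -> str:
    """Hash of device-specific parameters only (assumed attribute set).
    Cookie and IP are excluded so a known device stays recognisable after
    clearing cookies or changing networks, and a new machine cannot pass
    simply by replaying a stolen cookie from a familiar address."""
    material = "|".join([d.user_agent, d.screen, d.timezone, d.fonts_hash])
    return hashlib.sha256(material.encode()).hexdigest()[:16]


@dataclass
class AccountProfile:
    known_fingerprints: set = field(default_factory=set)
    past_amounts: list = field(default_factory=list)  # prior approved amounts
    recent_times: list = field(default_factory=list)  # recent payment timestamps
    per_txn_limit: float = 10_000.0                   # transaction value threshold
    daily_count_limit: int = 5                        # frequency threshold
    payment_window: tuple = (8, 18)                   # allowable hours, local time


@dataclass
class Transaction:
    account: str
    amount: float
    when: datetime
    device: Device


def screen(txn: Transaction, profile: AccountProfile) -> list:
    """Return every control the transaction trips. Layers are evaluated
    independently, so bypassing one does not silence the others."""
    flags = []
    # Layer 1: account activity controls
    if txn.amount > profile.per_txn_limit:
        flags.append("over_value_limit")
    start, end = profile.payment_window
    if not start <= txn.when.hour < end:
        flags.append("outside_payment_window")
    day_ago = txn.when - timedelta(days=1)
    if sum(1 for t in profile.recent_times if t > day_ago) >= profile.daily_count_limit:
        flags.append("frequency_threshold")
    # Layer 2: customer history monitoring (amount far outside the account's norm)
    if len(profile.past_amounts) >= 5:
        mean = statistics.mean(profile.past_amounts)
        sd = statistics.pstdev(profile.past_amounts)
        if sd > 0 and (txn.amount - mean) / sd > 3:
            flags.append("amount_anomaly")
    # Layer 3: device identification
    if device_fingerprint(txn.device) not in profile.known_fingerprints:
        flags.append("unknown_device")
    return flags


def decide(flags: list) -> str:
    """Hard account controls hold the payment; softer signals step up to
    out-of-band verification; nothing tripped means approve."""
    hard = {"over_value_limit", "outside_payment_window", "frequency_threshold"}
    if hard & set(flags):
        return "hold_for_review"
    return "out_of_band_verify" if flags else "approve"


# Constructed sample data
KNOWN = Device("Mozilla/5.0 (X11; Linux x86_64)", "1920x1080", "America/Phoenix",
               "f0nt5-a", cookie_id="abc123", ip="203.0.113.10")
# Same physical device after clearing cookies and moving to another network
KNOWN_MOVED = Device(KNOWN.user_agent, KNOWN.screen, KNOWN.timezone, KNOWN.fonts_hash,
                     cookie_id="zzz999", ip="198.51.100.7")
# Different machine that replayed the customer's cookie from the same IP
IMPOSTOR = Device("Mozilla/5.0 (Windows NT 10.0)", "1366x768", "Europe/Bucharest",
                  "f0nt5-b", cookie_id="abc123", ip="203.0.113.10")

PROFILE = AccountProfile(
    known_fingerprints={device_fingerprint(KNOWN)},
    past_amounts=[120.0, 95.0, 140.0, 110.0, 130.0, 105.0],
    recent_times=[datetime(2024, 5, 6, 9, 0), datetime(2024, 5, 6, 10, 0)],
)
NORMAL = Transaction("acct-1", 125.0, datetime(2024, 5, 6, 14, 0), KNOWN_MOVED)
SUSPECT = Transaction("acct-1", 9_500.0, datetime(2024, 5, 6, 2, 30), IMPOSTOR)

if __name__ == "__main__":
    for t in (NORMAL, SUSPECT):
        f = screen(t, PROFILE)
        print(f"{t.amount:>8} {decide(f):<18} {f}")
```

The NORMAL transaction comes from the customer's usual machine with a fresh cookie and a new IP; because the fingerprint ignores both, it is still recognized and approved. The SUSPECT transaction stays under the value limit, so that one control alone would pass it, but it trips the payment window, the history-based anomaly check and the device check together, which is the point of layering.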

Customer Awareness and Education: Through effective communication and education, your customers can become another line of defense. Make sure that customers know under what circumstances, if any, your organization will contact them and ask for their banking credentials, so that they can recognize a request that doesn't fit. Remind them of the resources available for additional risk mitigation they can implement themselves, and of how to sound an alert if they notice suspicious account activity or experience a customer information security-related event.

Compliance can be a complex and time-consuming task, but adhering to FFIEC guidelines is an excellent way to ensure your organization is maintaining stringent security measures and staying abreast of developments in both the threat landscape and the technology and solutions available to combat risks.

Following these five steps of risk assessment, layered security, vigilant monitoring, complex device identification and customer awareness and education, you and your organization should have safe travels on the road to FFIEC compliance.

Eli Katz is vice president of enterprise strategies for 41st Parameter in Scottsdale, Ariz.
