Nsight Blog | Ncontracts

FFIEC Guidelines

Written by Ncontracts | Nov 13, 2018 2:15:00 PM

FFIEC guidelines are the standards set up by the Federal Financial Institutions Examination Council (FFIEC) for banking practices. The FFIEC is an agency with five member agencies (the Fed, FDIC, OCC, NCUA and CFPB) that establish uniform principles, standards, and report forms for the federal examination of financial institutions. FFIEC guidelines cover both banking practices and cybersecurity.

The Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Exam Manual sets out guidelines to ensure banks don’t unknowingly become part of a money laundering scheme or other fraudulent activity. These guidelines include limits on transactions. For example, banks must report cash transactions of over $10,000 by one customer within 24 hours. The bank must also report suspicious activity, including transactions of $5,000 or more that the bank suspects are related to illegal activities.

Banks must also follow the Know Your Customer rule to ensure that customers are properly identified. The FFIEC guidelines cover what specific information banks need to collect as they carry out customer due diligence. For example, multi-factor authentication can be used to ensure accurate customer identification. Multi-factor authentication requires customers to use two types of authentication to receive bank services. 

With recent global developments, FFIEC guidelines have been developed to increase cybersecurity in financial institutions. The FFIEC I.T. Examination Manual contains the guidelines relating to the use of information technology in banking. Regulations found in the FFIEC I.T. Examination Manual include rules about:

  • business continuity planning, development, and acquisition

  • electronic banking

  • information security

  • I.T. audits

  • I.T. management

  • outsourcing technology services

  • retail payment systems

  • supervision of technology service providers

  • wholesale payment systems.

To follow the many regulations in the FFIEC guidelines, financial institutions use software services to mitigate compliance risk. This software allows them to manage vendors, create business continuity plans, and use technology while staying compliant with FFIEC guidelines.

Banks and credit unions are audited by FFIEC member agency bank examiners. The findings are reported, and banks are expected to correct any problems found.
