FFIEC publishes guidance on authentication and access to financial institution systems | 2021-08-12

The Federal Financial Institutions Review Board (FFIEC), on behalf of its members, has issued guidelines that provide financial institutions with examples of effective authentication principles and practices and customer access risk management , employees and third parties accessing digital banking services and information systems.

The new directives replace previous documents published in 2005 and 2011.


  • Highlights the current environment of cybersecurity threats, including increased remote access by customers and users, and attacks that exploit compromised credentials; and mentions the risks associated with push payment capabilities.
  • Recognizes the importance of financial institution risk assessment in determining appropriate access and authentication practices to determine the broad range of users accessing financial institution systems and services.
  • Supports financial institution adoption of layered security and highlights weaknesses in single-factor authentication.
  • Explains how multi-factor authentication or equivalent strength checks can more effectively mitigate risk.
  • Includes examples of authentication controls and a list of government and industry resources and references to help financial institutions manage authentication and access.

Comments are closed.