Federal Financial Institutions Examination Council
The Federal Financial Institutions Examination Council (FFIEC) is a “formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Consumer Financial Protection Bureau (CFPB), and to make recommendations to promote uniformity in the supervision of financial institutions”.
The Federal Financial Institutions Examination Council (FFIEC) requires periodic assessments of the privacy and security of confidential information. RISC can assist these organizations with assessments based upon the IT Examination Handbook, network and system security, and evaluation of policies and supporting procedures.
The security of the industry's systems and information is essential to the privacy, safety, and integrity of customer financial information. The RISC Team understands the process by which an organization protects and secures its systems, media, and facilities to maintain information vital to its operations.
Security objectives involve the availability, integrity, confidentiality, accountability, and assurance of data and systems. They address preventing intrusions with malicious intent, thereby protecting customers' information from unauthorized access or use for undesired actions.
“Integrity and accountability combine to produce what is known as non-repudiation. Non-repudiation occurs when the financial institution demonstrates that the originators who initiated the transaction are who they say they are, the recipient is the intended counter party, and no changes occurred in transit or storage.”
Ensuring integrity and accountability can help reduce fraud. RISC Management can assist with the implementation of an ongoing security process and help institute appropriate security protocols, with clear and succinct roles and responsibilities for management and employees.