FFIEC Authentication Guidance Examination in 2012: Are You Prepared?
As a result of the release of the 2011 Supplement to the Authentication in an Internet Banking Environment Guidance by the Federal Financial Institutions Examination Council (FFIEC), banks and financial institutions are now preparing for 2012 exams during which they will be evaluated against enhanced requirements for online banking security. To help companies prepare for the 2012 FFIEC Authentication Guidance Examination, the Knowledge Group has assembled a panel of key regulators and thought leaders to help them navigate the compliance issues in terms of risk-based assessments, layered security to mitigate online fraud, and improved customer and employee fraud awareness. Speakers will also offer valuable insights on the fraud trends in 2012 and how to protect your firm.
The FFIEC Authentication Guidance Examination in 2012: Are You Prepared? Live Webcast is a must-attend webcast for finance executives and risk and compliance officers involved in preventing online fraud. The program will cover the topics above along with a Q&A panel in which attendees will be invited to ask the speakers questions.
Gerald R. Gagne, CPA, CISA, Director, Risk Management Services & Member of the Firm,
Wolf & Company, P.C
- The state of data security – what are the threats facing community banks and their customers
- The guidance – a summary of the guidance and compliance
- Risk assessment – a description of the elements and process to determine which systems are in and which ones are not
- Layered security – a discussion on key preventative and detective controls over the endpoint, online session, transaction monitoring and operations
- Customer training – what should it include and how to deliver it
Benjamin A. Sady, CIA, CISA, CRISC, Manager, Risk Advisory Services,
- What should be included in the risk assessment
- When should the risk assessment be performed
- Who should perform and who should approve the risk assessment
Eric LaBadie, VP of Sales and Customer Service,
Guardian Analytics
LAYERED SECURITY
- Conformance starts with understanding the minimum expectations expressed in the Guidance.
- Most FIs do not fully understand the FFIEC's minimum expectations expressed in the Guidance (as discovered in our recently released FFIEC Readiness study). It's worth reviewing these, particularly those associated with implementing a layered security program.
- Don't forget mobile: Agencies are looking for improved fraud protection across channels.
- The Guidance does include mobile, which will be the new fraud battlefront for 2012. Anomaly detection solutions can prevent fraud regardless of the device or the channel.
- The opportunity for FIs is much larger than simply conforming to the Guidance.
- Banks and CUs that deploy anomaly detection can expand online and mobile banking services without increasing the risk of fraud attacks, improving customer satisfaction and creating competitive advantage.
- Don't just react to fraud attacks, but proactively intervene and alert clients.
- Monitoring all accounts for fraud staging activities and proactively alerting clients of suspicious behavior will stop more attacks while increasing customer trust and l
Andrew J. Lorentz, Partner,
Davis Wright Tremaine LLP
LEGAL POINT OF VIEW, WHAT EXAMINERS ARE SAYING AND DOING, LOOP IT INTO OTHER GUIDANCE, EDUCATION
- Critical differences in the 2011 Supplement as compared to the 2005 Guidance
- Other key sources of regulatory guidance on authentication
- What can FIs expect their supervisors to focus on
Who Should Attend:
- Chief Security Officers
- Bank Security Officers
- Finance Attorneys
- Risk and Compliance Managers
- Chief Finance Officers
- IT Security Officers
- Banking Lawyers & Consultants
- Security Operations
- Fraud Monitoring
- Business Analysts
- Fraud Analysts
Jerry leads Wolf’s Risk Management Services Practice where he is responsible for the successful delivery of risk management services to our clients. Jerry also serves as the Director of Marketing and serves on the Firm’s executive committee, and is responsible for leading the Firm’s overall strategic direction. Jerry’s expertise includes IT risk assessments, customer information privacy reviews, application and network security reviews, Internet intrusion studies, war dialing and social engineering. Under Jerry’s direction, the IT Assurance Group also provides third-party reviews of service bureaus’ control systems including SSAE 16 audits and helps in the development of IT security policies and procedures. Additionally, he has managed engagements to assess system controls, technical security, information security and privacy, application controls and software implementation as well as performing data analysis and audit support projects.
Benjamin Sady has eight years of professional experience and over five years of Big Four firm experience providing internal audits, information technology audits, SAS 70 audits, penetration testing, regulatory compliance audits, and Sarbanes-Oxley assistance. Mr. Sady currently works as a manager in Keiter’s Risk Advisory Services practice, where he provides these services to many industries, including banks and credit unions. Prior to joining Keiter, Ben was a senior consultant in the Audit and Enterprise Risk Services group at Deloitte & Touche LLP. Mr. Sady holds a B.S. in Business Information Technology from Virginia Polytechnic Institute and State University. Mr. Sady holds the following certifications: Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Controls (CRISC).
Eric LaBadie brings 15 years of enterprise software sales and sales management experience to Guardian Analytics. Most recently, Eric held various senior sales positions within IBM, including responsibility for managing the Fortune 500 financial services accounts for the Rational Software brand. Prior to this position, he served as Director of Sales for iSharp, a provider of system testing services, where he developed and managed a world-class field, telesales, and channel sales organization. He was also co-founder and Director of Sales at Silicon Valley Networks, a leader in software testing solutions, and was District Sales Manager for Pure Software, where he led his team to become the most consistent, top producing sales group in the company. Eric holds a BS in Marketing from Chico State University.
Andrew Lorentz focuses his practice on retail financial services. He is particularly knowledgeable regarding mobile and other electronic payment systems and is a frequent speaker at industry events. Mr. Lorentz also has extensive experience with a wide variety of other transactions and regulatory matters both in the United States and abroad, including the Electronic Fund Transfer Act, Regulation E, Truth-in-Lending, Regulation Z, the Fair Debt Collection Practices Act, the Federal Trade Commission Act, the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, federal and state banking regulation, state money transmission and licensed lending laws, payment network rules, unclaimed property laws, the Bank Secrecy Act, FDIC insurance, and E-SIGN. Mr. Lorentz’s clients include major financial institutions, technology companies, and national retailers, which he counsels on financial regulation, billing and payment systems issues.
About Wolf & Company, P.C
Wolf & Company is a leading regional certified public accounting and business consulting firm founded in 1911, with offices in Boston and Springfield, Massachusetts, and Albany, New York. Entering our second century providing assurance, tax, risk management and business advisory services throughout the Northeast, clients can expect direct involvement from the Firm’s owners and senior management, and responsive service from a multi-disciplinary team. Our collaborative service strategy enables us to develop a deep understanding of clients and their business needs, and to maximize opportunities while navigating any potential obstacles. Wolf’s areas of focus include Financial Institutions, Investment Advisors, Family Businesses, Employee Benefit Plans, Technology Companies, High Net Worth Individuals, Educational Institutions and Public Companies.
Keiter is a professional services firm headquartered in Richmond, Virginia and founded in 1978. They offer a wide range of value to their clients: Risk Advisory Services, Strategic Business Consulting, Assurance Services, Taxation Services, and Valuation and Forensic Services. Keiter professionals are not just auditors and consultants, they are Opportunity Advisors. Their goal is to provide insights and identify opportunities for their clients to improve business decisions, tax position, operations, compliance, and the use of technology so that they can reduce costs and grow their company in the right manner. Keiter has the knowledge to uncover opportunities and the commitment to see them through.
About Guardian Analytics
Guardian Analytics protects financial institutions and their customers from today’s sophisticated online banking fraud attacks while helping them to conform to the new FFIEC Guidance for anomaly detection. Banks and credit unions use behavior-based FraudMAP® to detect and prevent account takeover, reconnaissance, and ACH, wire, bill pay and other payments fraud. FraudMAP automatically monitors EVERY online session from login to logout for ALL retail and commercial customers, and identifies suspicious activity and anomalous transactions before the money is gone.
About Davis Wright Tremaine LLP
Davis Wright Tremaine LLP, a national business and litigation law firm representing businesses throughout the United States and around the world, was founded in 1908 on a simple guiding principle: to provide clients with high-value legal services customized to their particular needs. With approximately 500 lawyers in nine offices spread across the United States and in China, we advise clients in industries ranging from financial services to media and communications to health care on the full scope of transactional and regulatory issues they face. Our primary practice areas include Finance and Commercial Transactions; Digital Media and Entertainment; Communications; Labor and Employment; Business Transactions; Litigation; Energy; Health Care; and Life Sciences.