FFIEC guidelines are the standards set up by the Federal Financial Institution Examination Council (FFIEC) for banking practices. The FFIEC is an agency with five agency members (the Fed, FDIC, OCC, NCUA and CFPB) who establish uniform principles, standards, and report forms for the federal examination of financial institutions. FFIEC guidelines cover both banking practices and cybersecurity.
The Bank Secrecy Act/Anti Money Laundering (BSA/AML) Exam Manual sets out guidelines to ensure banks don’t unknowingly become a part of a money laundering scheme or fraudulent activities. These guidelines include limits on transactions. For example, banks must report transactions of over $10,0000 in cash within 24 hours by one customer. The bank must also report suspicious activity, including transactions of $5,000 or more that the bank suspects is related to illegal activities.
Banks must also follow the Know Your Customer rule to ensure that customers are properly identified. The FFIEC guidelines cover what specific information banks need to collect as they carry out customer due diligence. For example, multi-factor authentication can be used to ensure accurate customer identification. Multi-factor authentication requires customers to use two types of authentication to receive bank services.
With recent global developments, FFIEC guidelines have been developed to increase cybersecurity in financial institutions. The FFIEC I.T. Examination Manual contains the guidelines relating to the use of information technology in banking. Regulations found in the FFIEC I.T. Examination Manual include rules about:
business continuity planning, development, and acquisition
outsourcing technology services
retail payment systems
supervision of technology service providers
wholesale payment systems.
To follow all the many regulations of the FFIEC guidelines, financial institutions use software services for mitigating compliance risk. This software allows them to manage vendors, create business continuity plans, and use technology while staying compliant with FFIEC guidelines.