Page 4 The Banker’s Advocate

Little Rock Office
400 Hardin Road, Suite 100
Little Rock, AR 72211-3502
Phone: 501-324-9019
Fax: 501-324-9028
Email: asbd@banking.state.ar.us

Northwest Arkansas Office
777 Mathias Drive Suite A
Springdale, AR 72762-0739
Phone: 479-751-5543
Fax: 479-751-5815
Email: NWArk@banking.state.ar.us

Jonesboro Office
924 South Main
P.O. Box 9374
Jonesboro, AR 72403-9374
Phone: 870-972-1744
Fax: 870-972-1762
Email: jonesboro@banking.state.ar.us


HOT TOPIC Continued from Page 1


that will be reviewed in subsequent examinations.

The growing concern surrounding hackers employing sophisticated and malicious methods to circumvent authentication controls resulted in the Federal Financial Institutions Examination Council (FFIEC) issuing Supplement to Authentication in an Internet Banking Environment (Supplemental Guidance) on June 28, 2011.

The Supplemental Guidance does not replace the original guidance issued on October 12, 2005, titled Authentication in an Internet Banking Environment, but rather reinforces the expectations regarding the risk management framework.

A bank’s risk assessment will be reviewed to ensure customer authentication controls are adjusted in response to new threats to customer accounts. In addition, institutions will be expected to reexamine and update the risk assessment at least annually or whenever significant changes occur.


We’re on the Web! www.arkansas.gov/bank


A publication of the Arkansas State Bank Department

Customer authentication will be assessed to ensure methods used to authenticate a customer are commensurate with the level of risk noted within the risk assessment. The definition of “high-risk transactions” in the 2005 guidance has not changed (i.e., electronic transactions involving access to customer information or the movement of funds to other parties).

While both consumer and commercial accounts can fall into this category, the Supplemental Guidance makes some distinction between the levels of risk in these two types of accounts.

As a result, banks may choose different types of layered authentication methods for specific account types affected by “high-risk transactions.”


However, it should be noted the Supplemental Guidance also states that simple device identification and challenge questions should no longer be considered a primary control for risk mitigation.


Layered controls will be reviewed to ensure adequate authorization is instituted for “high-risk transactions.”

Layered security controls are characterized by the use of compensating controls at different points within the transaction process. At a minimum, institutions will be expected to have layered security designed to detect and effectively respond to suspicious or anomalous activity related to:
▪ Initial log-in and authentication of customers requiring access
▪ Initiation of funds transfers

In addition, system administrators of commercial accounts who can set up or change system configurations are expected to have layered security controls in place to govern their activity.

Customer awareness/education will be incorporated into the examination process to ensure customers are apprised of the protections provided and not provided, communication guidelines and alternative risk control mechanisms.


The links to Authentication in an Internet Banking Environment and Supplement to Authentication in an Internet Banking Environment are:

http://www.ffiec.gov/pdf/authentication_guidance.pdf

http://www.ffiec.gov/pdf/Auth-ITS-Final%206-22-11%20(FFIEC%20Formated).pdf


December 31, 2011


Hitting the Links


FDIC profiles banks by state


A quarterly report posted on the FDIC Web site provides a snapshot of bank performance and economic conditions in each state.

The Federal Deposit Insurance Corporation produces a one-page State Profile for all 50 states, Puerto Rico and the U.S. Virgin Islands. FDIC State Profiles are on the agency’s Web site at:

http://www.fdic.gov/bank/analytical/stateprofile/

This page features easy-to-use links from a map of the United States.

The State Profile is divided into three sections:

▪ The Economic Indicators section contains trend data for such indicators as employment growth, single-family home permits, multifamily building permits and a Home Price Index.

▪ The Banking Trends section breaks out median ratios in the areas of asset quality, capital and earnings, and liquidity and sensitivity. There also is a table of concentrations for different loan types, stated as a median percentage of total risk-based capital.

The data points for the Economic Indicators and Banking Trends sections are the two most recent year-ends, the two most recent quarters and the prior-year quarter.

▪ The Banking Profile section includes data for the five largest deposit markets and a distribution by asset size of FDIC-insured financial institutions with main offices in the state.

