Meeting the Federal Reserve 12/31/21 FedLine Compliance Deadline

Protecting Your FedLine® Solutions Against Cyber Threats

Cybersecurity attacks continue to grow with hackers developing more sophisticated methods for infiltrating businesses of every size and in every industry. In response to this trend, the Federal Reserve recently unveiled new compliance requirements known as the FedLine Solutions Security and Resiliency Assurance Program (Assurance Program)[1]. The Assurance Program must be completed for any institution or organization utilizing FedLine Solutions by December 31, 2021.

The Assurance Program will benefit your institution and the customers you serve by:

  • Reinforcing the safety, security, resiliency and trust of Federal Reserve services for all financial institutions and service providers.
  • Reducing the fraudulent transaction risks.
  • Alerting institution leadership to gaps or control deficiencies.
  • Enhancing your risk management and resiliency.
  • Increasing confidence that controls are in place and monitored to protect payment systems and customers.
  • Reinforce your vigilance against cyber-attacks and inspiring your strategies to further address risks. 
Your responsibilities

For conducting this annual compliance assessment, your institution’s End User Authorization Contacts (EUACs) should have received the Assurance Program communications from the Federal Reserve detailing your organization’s requirements under the Assurance Program, which generally address compliance with the respective FedLine Security Requirements. Those requirements are documented in Operating Circular 5 (Electronic Access), the Certification Practice Statements, the Password Practice Statement, and the Security and Control Procedures document that is associated with each specific FedLine Solution. The communications outline the following requirements:

  • Conduct a self-assessment of your compliance with the Security Requirements.
  • If required by the Federal Reserve, ensure that the assessment is conducted or reviewed by an independent internal function or third party.
  • Attest to the Federal Reserve that the self-assessment was completed.
  • To the extent any deficiencies or gaps were identified in the self-assessment, develop a remediation plan to address such deficiencies.

If you have been notified that your organization’s self-assessment must be conducted by an independent party, your resources to complete this requirement include:

  • Independent internal department such as in-house internal audit or compliance team. (This team cannot fall under the reporting line of the senior executive in charge of payment services.)
  • A third-party professional service firm (such as DHG’s Technology Compliance professionals).
  • If the assessment is conducted by a non-independent party, an independent third-party must review the work conducted to establish it was designed and conducted in a manner reasonably sufficient to identify any material noncompliance with the Security Requirements.
How DHG can help

DHG can assist management evaluate your compliance requirements, conduct or review the required self-assessment for management’s attestation and assist management with developing a remediation plan for any deficiencies or compliance gaps identified within the assessment. Our professionals stand ready to provide guidance for every facet of your strategy and help you meet the year-end deadline.

With DHG, you gain a collaboration with professionals who integrate sound financial services and IT governance experience to deliver comprehensive compliance strategies so you can focus more on serving your clients.

To learn how you can use our technical knowledge, industry insights and future-focused approach to serve your organization, please contact Zach Shelton, Principal, zach.shelton@dhg.com.

 

[1] Reference: https://www.frbservices.org/resources/resource-centers/security-resiliency-assurance-program/index.html

ABOUT THE AUTHORS

RELATED KNOWLEDGE SHARE

GET IN
TOUCH
© Dixon Hughes Goodman LLP. All rights reserved.
DHG is registered in the U.S. Patent and Trademark Office to Dixon Hughes Goodman LLP.
praxity