NACHA Develops Sounds Business Practices for Implementing Provisions of FFIEC Internet Banking Authentication Supplement

Resource Will Help Financial Institutions Refine Internal Policies and Procedures

Herndon, Va., July 19, 2012 – Today, NACHA –The Electronic Payments Association, released a resource to support financial institutions with ongoing efforts to refine their implementation of the provisions of the Federal Financial Institutions Examination Council (FFIEC) Supplement to Authentication in an Internet Banking Environment. The resource, developed by NACHA’s Risk Management Advisory Group, identifies sound business practices that financial institutions could use to create internal policies and procedures in response to guidance in the Supplement. The guidance requires financial institutions to complete periodic risk assessments, establish layered security controls, and educate customers on various forms of potential fraud.

In October 2005, the FFIEC issued the original Authentication in an Internet Banking Environment Guidance. The 2005 Guidance provided a risk management framework for financial institutions offering Internet-based products and services to their customers. On June 28, 2011, the FFIEC issued a Supplement to the 2005 Guidance. The purpose of the Supplement is to reinforce the risk-management framework described in the original guidance and update the FFIEC member agencies’ supervisory expectations regarding customer authentication, layered security, and other controls in the online environment.

“A year after issuance of the FFIEC Supplement, many financial institutions are still looking for greater clarity around elements of the guidance and, as a result, are still working to fully implement the requirements,” said Tina Giorgio, Senior Vice President, Sandy Spring Bank and member of NACHA’s Risk Management Advisory Group.  “Clear understanding is critical to improving online banking security per the requirements outlined in the Supplement.”  

NACHA’s Sound Business Practices for Implementing Provisions of the Supplement provides financial institutions with a clear framework to implement the provisions of the FFIEC Supplement. Specifically, it offers financial institutions a side-by-side representation of key points of the Supplement, parties affected by each point, any applicable requirement per the NACHA Operating Rules, and sound business practices to adhere to the points outlined in the Supplement.

“We are pleased to partner with the financial industry and offer this straightforward resource intended to support the efforts of financial institutions as they work to appropriately utilize online security controls and conform to FFIEC guidance,” said Janet O. Estep, NACHA President and CEO.  “The use of appropriate, layered controls will help financial institutions minimize risk, reduce potential future fraud, and retain confidence in electronic banking and payments systems.”

To download a copy of FFIEC Supplement to Authentication in an Internet Banking Environment: Sounds Business Practices for Implementing Provisions of the Supplement, or for more information, visit

About NACHA’s Risk Management Advisory Group
NACHA’s Risk Management Advisory Group is dedicated to establishing sound business practices for risk management, developing rules necessary to assure ongoing strength and stability, and improving quality in the ACH Network. The Risk Management Advisory Group advises the NACHA Board and works with staff to guide and implement the risk management strategy and shares findings with payments professionals across payments channels.  Achievements include significant contributions to the NACHA rule making process and to Network education around the changing face of ACH payments risk. For more information, visit

About NACHA — The Electronic Payments Association
NACHA manages the development, administration, and governance of the ACH Network, the backbone for the electronic movement of money and data. The ACH Network provides a safe, secure, and reliable network for direct account-to-account consumer, business, and government payments. Annually, it facilitates billions of Direct Deposit via ACH and Direct Payment via ACH transactions. Used by all types of financial institutions, the ACH Network is governed by the fair and equitable NACHA Operating Rules, which guide risk management and create payment certainty for all participants. As a not-for-profit association, NACHA represents more than 10,000 financial institutions via 17 regional payments associations and direct membership. Through its industry councils and forums, NACHA brings together payments system stakeholders to foster dialogue and innovation to strengthen the ACH Network. To learn more, please visit,,, and

More News