Customers who use mobile financial services don't always take precautions to protect their devices, leaving their payment and banking information vulnerable. How does a financial institution protect mobile payments and services when it cannot protect the device the information is transmitted from? Regulators have concerns about whether institutions are employing strong security protocols. Failure to do so can leave payment and account information vulnerable and expose the institution to significant risk.
A new Appendix E: Mobile Financial Services was introduced into the IT Examination Handbook by the FFIEC in April 2016. The guidance provides standards for financial institutions offering mobile financial services, and standards for assessments. The guidance may require significant changes to your existing security program, and internal auditors should be revising their audit scope based on this new guidance. Financial institutions offering mobile financial services should expect their next electronic banking and/or information security audit to include a risk management review of how effectively they measure, mitigate, and monitor the risks involved and ensure appropriate staff are familiar with the technologies that enable mobile financial services.
And that's not all! The guidance also requires enhanced customer education, director and management involvement, and stronger vendor due diligence.
This webinar will evaluate all of the components of the guidance and provide attendees with some practical considerations, examples, and insights. At the conclusion of the course, attendees will have developed a "game plan" for tackling the new guidance.
In this program, we will:
- Review components of Appendix E
- Define critical mobile financial services risk management components and terms
- Identify risks of given situations for common community bank mobile financial services and assign appropriate controls
- Isolate areas where community banks can expect challenges
- Outline critical management and board report criteria
- Record tips to effectively manage third parties who provide services that support a bank's mobile financial service product(s)
- Discover resources for more information and next steps
Who Should Attend:
- Electronic banking personnel
- Information technology personnel
- Information security personnel
- Compliance staff
- Risk management personnel
- Executive management
- Solution providers offering mobile banking / payment products to financial institutions
Mobile Services Risk Management