Testimony of Bill Conner, President and CEO of Entrust
Before the Subcommittee on Communications and Technology
of the Energy and Commerce Committee
U.S. House of Representatives
Part 5
Shortcomings of FFIEC Guidelines
Let me give you a specific example. The Federal Financial Institutions Examination Council (FFIEC) recently updated its guidance for financial institutions offering Internet-based products and services. Unfortunately, these guidelines only hit at the minimum level of security and are already outdated.
Just like the guidance they released in 2005, the guidelines do not place accountability for implementation nor do they mandate any specified timeframe. This puts consumers and businesses at risk when they conduct business online with their bank. And worse yet, it gives the false impression to consumers and the marketplace that entities are safe when, in reality, they are barely doing anything at all.
Even more alarming, the updated FFIEC regulations do nothing to help small- and medium-sized businesses. So while the guidance falls short of protecting larger financial institutions, it’s also all but ignoring the organizations that may need the most legal protection.