The Federal Reserve has developed its Security and Resiliency Assurance Program to address increasing security vulnerabilities and threats for financial institutions that utilize FedLine solutions.
The new program requires all financial institutions utilizing FedLine solutions (including FedLine Advantage®, FedLine Web®, FedLine Command®, and FedLine Direct®) to perform an assessment of their compliance with the Federal Reserve Banks’ FedLine security requirements and submit an attestation that the assessment has been completed. The attestation must be submitted to the Fed by December 31, 2021, and financial institutions will be required to complete this assessment and submit the related attestation annually going forward.
The relevant FedLine Security Requirements to be included within the assessment are documented within the following resources:
- the Federal Reserve Operating Circular 5 (Electronic Access)
- the Federal Reserve Certification Practice Statements
- the Federal Reserve Password Practice Statement
- the Security and Control Procedures document that is associated with each FedLine solution
According to the Federal Reserve, assessments may be completed with the assistance of internal staff, including internal audit. However, some financial institutions may be required to have an independent party either conduct or review the assessment, such as an external auditor or consultant. In addition, although internal staff or another independent party may assist with the assessment, an official or executive officer in charge of electronic payments operations or payments security must sign and submit the required attestation.
For additional information regarding the requirements of FedLine Solutions Security and Resiliency Assurance Program, refer to the FedLine Solutions Security and Resiliency Assurance Program Resource Center at www.frbservices.org.
If you need assistance with identifying the specific FedLine security requirements, developing an assessment work program, or performing the assessment, the KraftCPAs Risk Assurance and Advisory Services Team can help. Reach out to Erica Hightower, manager, at (615) 915-6605 or firstname.lastname@example.org; or Gina Pruitt, member-in-charge, at (615) 782-4207 or email@example.com.