Banking Industry Guidance Report (Assessment)

Exclusively available on Available only on IvyPanda® Made by Human No AI

Benefiting from our hindsight as we look back to 2011, do you believe the Supplemental Guidance was effective in updating the original guidance in a meaningful way?

The upgraded version of the Supplemental Guidance is undoubtedly more effective than the variant of 2005. First and foremost, it is evident that the previous guidance was no more capable of ensuring proper risk management due to the fact that new technologies have been developed within these six years, and, thus, new ways of cyber fraud performing have been invented.

The new guidance has a series of distinguishing features that make it more effective than that of 2005. It puts a particular emphasis on the need for the layered security control that ensures a multi-level protection. Moreover, the guidance points out the essentiality of the regular risk assessment that is critical in the context of the rapidly changing environment (FDIC, 2011). The last but not the least meaningful change in the updated version is the differentiation between the affected stakeholders: consumer and business accounts.

However, experts express some doubts regarding the usefulness of the guidance’s update. Hence, for instance, Avivah Litan (2011) shares his concerns about the efficiency of the new version. He notes that as well as the previous guidance, the new variant does not describe any particular methods or alternative solutions that can be employed to ensure consistent security.

What are potential indicators regulatory bodies should consider when evaluating the need for new regulations?

One of the key responsibilities of a regulatory body resides in a timely assessment of the current state of the IS system and implementing new regulations when it is necessary. Thus, the question arises concerning the indicators that might assist a regulatory body in evaluating the need for change.

First and foremost, it should be noted that ideally, new regulations should be implemented every year. New technologies create new risks putting existing IS systems under a threat notwithstanding their reliability. As a result, a system might fail to manage risks not because of its invalidity but due to the changes in the environment. Secondly, regulatory bodies should necessarily consider the changing character of cyber fraud. Hence, the management of the related risks now requires the implementation of a layered IS system that comprises a multi-factor authentication and effective layered controls (FDIC, 2011). It can, likewise, be recommended that the cost-effectiveness of the existing IS system is assessed – it might turn out that the market can offer some alternative solutions that ensure the same security level at a lower cost.

Describe the pros and cons of including specific implementation guidelines within guidance.

On the face of it, the Supplemental Guidance of 2011 lacks some clarifications regarding the ways in which the outlined strategies can possibly be implemented. Thus, for instance, some peculiar guidelines could have been included in order to clarify how “active consumer awareness” can be reached. In addition, the guidance points out that some kinds of device identification are no longer effective (FDIC, 2011). Hence, it would be reasonable that these kinds were enlisted in the appendix. From this perspective, the addressee of the appeal would be grateful if the guidance provided some concise instructions regarding particular implementations.

However, it should be realized that the guidance attempts to provide a universal outline for ensuring security – it points out the most critical problems and offers some general solutions. As long as the guidance admits that the cyber fraud environment is constantly changing, developing new methods and techniques, it would be illogical if it offered peculiar guidelines – the latter would become out-of-date in half a year after the guidance’s release. From this standpoint, the inclusion of peculiar guidelines would very soon make the entire guidance irrelevant.

Again, benefiting from our place in the future, critique the interpretation of the Gartner analyst (Avivah Litan, 2011) linked above

It has been five years since Avivah Litan offered his interpretation of the guidance. Nevertheless, it should be admitted that the expert was highly accurate in his assessments. Thence, for instance, he pointed out that the guidance of 2011 focused solely on the PC-related risks, neglecting such threat as mobile banking attacks (Litan, 2011). A year ago, the latter was included in the top critical security risks by Kaspersky’s Laboratory (Kaspersky Lab, 2015). On the whole, Litan was right in his assumption that the guidance would become out-of-date within a couple of years. Meanwhile, it does not signify it comprised misleading guidelines – it is just that the environment changes too rapidly for guidance to consider all the risks and threats.

What can internal Governance, Risk, and Compliance staffs do to anticipate the release of new regulations related to technology changes?

The internal Governance Risk and Compliance staff should constantly increase its awareness of the relevant environment in order to anticipate the risks associated with the rapid changes. Hence, it is supposed to track and adopt the best practices and deploy multiple controls that ensure risk prevention at different levels. In addition, the governance should not neglect audit procedures that can assist in providing guidelines for the improvements in the control architecture. Lastly, regulators are recommended to carry out system tests in order to identify its flaws timely and avoid unexpected system failures. In other words, IS should be regularly evaluated and examined on its compliance with the existing standards.

Whitman and Mattord (2011) also recommend that the governance carries out consistent contingency planning that can help companies get prepared to the most likely threats and ensure some stability notwithstanding potential environmental changes.

Reference List

FDIC. (2011). FFIEC Supplement to Authentication in an Internet Banking Environment. Web.

Kaspersky Lab. (2015). Kaspersky Lab: mobile banking threats among the top 10 malicious financial programs for the first time. Web.

Litan, A. (2011). . Web.

Whitman, M.E., & Mattord, H.J. (2011). Roadmap to Information Security: For IT and Infosec Managers. Boston, Massachusetts: Cengage Learning.

More related papers Related Essay Examples
Cite This paper
You're welcome to use this sample in your assignment. Be sure to cite it correctly

Reference

IvyPanda. (2020, October 1). Banking Industry Guidance. https://ivypanda.com/essays/banking-industry-guidance/

Work Cited

"Banking Industry Guidance." IvyPanda, 1 Oct. 2020, ivypanda.com/essays/banking-industry-guidance/.

References

IvyPanda. (2020) 'Banking Industry Guidance'. 1 October.

References

IvyPanda. 2020. "Banking Industry Guidance." October 1, 2020. https://ivypanda.com/essays/banking-industry-guidance/.

1. IvyPanda. "Banking Industry Guidance." October 1, 2020. https://ivypanda.com/essays/banking-industry-guidance/.


Bibliography


IvyPanda. "Banking Industry Guidance." October 1, 2020. https://ivypanda.com/essays/banking-industry-guidance/.

If, for any reason, you believe that this content should not be published on our website, please request its removal.
Updated:
This academic paper example has been carefully picked, checked and refined by our editorial team.
No AI was involved: only quilified experts contributed.
You are free to use it for the following purposes:
  • To find inspiration for your paper and overcome writer’s block
  • As a source of information (ensure proper referencing)
  • As a template for you assignment
1 / 1