Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
Financial Institution Letter
Authentication and Access to Financial Institution Services and Systems


The Federal Financial Institutions Examination Council (FFIEC) issued new guidance titled Authentication and Access to Financial Institution Services and Systems . The guidance provides financial institutions with examples of effective authentication and access risk management principles and practices. These principles and practices are for digital banking services and information systems.

The guidance is available on the FDIC’s website.

Statement of Applicability: This Financial Institution Letter (FIL) applies to all FDIC-supervised institutions.


The new Guidance addresses:

  • A financial institution’s risk assessment, which is critical for determining appropriate access and authentication practices.
  • Authentication practices for a wide range of users including customers, employees, third parties, and service accounts accessing financial institution systems and services.
  • How multi-factor authentication, or controls of equivalent strength, can be used to effectively mitigate risks of unauthorized access.

The guidance replaces the FFIEC-issued Authentication in an Internet Banking Environment (2005), and the Supplement to Authentication in an Internet Banking Environment (2011).


FDIC-Supervised Institutions

Suggested Routing:

Chief Executive Officer
Chief Information Officer
Chief Information Security Officer
Chief Risk Officer

Last Updated: August 11, 2021