The FFIEC recommends that banks update their risk assessment processes at least every 12 months and factor in changes to the threat environment, customer adoption and any incidents of fraud attacks when making changes to its assessments. But NACHA suggests more frequent reviews and updates.
Some of the environmental changes that NACHA says should trigger additional risk assessments include changes in the customer base that uses electronic transactions and the introduction of new electronic funds transfer services. NACHA also suggests that banks review any attempted security breaches to help determine fraud patterns and correct any problems.
Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ... View Full Bio