FedLine Solution Security and Resiliency Assurance Program Overview

In October 2020, the Federal Reserve announced the Security and Resiliency Assurance Program for FedLine Solutions. FedLine Solutions are a suite of applications that allow banks to perform electronic transfers such as ACH and wires and other functions such as ordering cash from the Fed. The purpose of the Security and Resiliency Assurance Program (Program) is to ensure the security of the FedLine Solutions system and reduce the risk of fraudulent transactions being sent through the system. 

The Program requires institutions that utilize FedLine to complete the following by the end of 2021:

Conduct an assessment of their compliance with FedLine security requirements published by the Federal Reserve for each FedLine application.
Submit an attestation to the Federal Reserve that they have completed the assessment.

The assessment portion of the Program must be completed by all institutions that use a FedLine Solutions product, no matter which products are used. The scope of the controls to be assessed will differ by product, because the Federal Reserve publishes different security controls and guidance for each application. For example, institutions using FedLine for reporting will have a different set of controls to assess than those that are using wire and ACH applications. The security requirements for each application are accessible to the designated end user authorization contact (EUAC) for each institution on the EUAC support webpage.

The assessment itself can be conducted as either a self-assessment or an independent review by a third party. The Federal Reserve will determine if an institution needs to complete an independent review on a case-by-case basis using a variety of factors such as institution size and complexity and products used. Institutions that are allowed to complete self-assessments can utilize internal staff, while those requiring an independent review must use a third-party audit/security consultant such as Schneider Downs to complete the assessment. Alternatively, an independent internal function such as internal audit can complete most of the assessment, but an independent third party must review the work conducted by internal staff to complete the assessment.

Once the self-assessment or independent review has been completed, a signed attestation stating that the institution has completed the appropriate assessment must be submitted to the Federal Reserve. The first attestation must be submitted by December 31, 2021, and completed annually thereafter. The individual signing the attestation should be an executive in charge of payment solutions or the primary group(s) using FedLine at the institution, but does not need to be a user or EUAC themselves. There is no exemption to this requirement.

To prepare for the assessment, institutions should do the following:

Make sure your institution’s EUAC contact information is up to date.
Review the security requirements for the FedLine Solutions utilized by your institution and develop a plan to complete the assessment.
Consult with an audit firm like Schneider Downs to assist with developing a self-assessment or independent review.

 

If you have any questions related to this requirement or would like to learn more about our Risk Advisory Financial Services team and related offerings, please contact us at [email protected]

 


Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2021 Schneider Downs. All rights reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
