FFIEC agencies [Agencies] issued guidance entitled Authentication in an Internet Banking Environment [2005 Guidance] The 2005 Guidance provided a risk management framework for financial institutions offering Internet-based products and services to their customers. Fraudsters have continued to develop and deploy more sophisticated, effective, and malicious methods to compromise authentication mechanisms and gain unauthorized access to customers’ online accounts. Financial institutions should review and update their existing risk assessments as new information becomes available, prior to implementing new electronic financial services, or at least every twelve months.”]
Source: https://www.bankinfosecurity.com/new-ffiec-guidelines-full-text-a-3802