FoxPointe Security Hub

FedLine Security and Resiliency Assurance Program Attestation Service

October 20, 2021 by Christopher Salone

Technology Security

FedLine Security and Resiliency Assurance Program

In October 2020, the Federal Reserve Banks (FRB) posted an announcement to their website titled “Announcing the FedLine Solutions Security and Resiliency Assurance Program”.  The FRB’s FedLine Solutions are a critical component of the U.S. payment system.  FedLine is a suite of payment solutions designed to facilitate electronic payments in an efficient, reliable, and secure manner.  FedLine Solutions include FedLine Direct, FedLine Command, FedLine Advantage, FedLine Web, and FedMail.

The FRB stated in their announcement that “the organizations that use the service play a vital role in safeguarding the payment messages and information that are transmitted over FedLine. Additionally, during times of uncertainty security threats tend to increase. This increased risk, along with the evolving threat landscape, serves as a reminder that security posture is more important than ever.”

To ensure security and reduce the risk of fraudulent payments, the Federal Reserve has developed a series of security requirements that must be implemented for institutions using FedLine Solutions.  The requirements include but are not limited to PC controls, hardware controls, network controls, documentation, data, and assurance.

The FRB emailed organizations’ End User Authorization Contacts (EUAC) earlier this year with the attestation materials, including compliance requirements.  Organizations with multiple ABA routing numbers will be required to submit an attestation for each ABA.

The Fed assurance program requires all organizations that use FedLine Solutions to:

  • Conduct an assessment of their compliance with the FRB’s FedLine Solutions security requirements as provided within the materials emailed to the EUACs
  • Submit an attestation by December 31, 2022 stating that the organization has completed the assessment

In some cases, the FRB may require organizations to complete an independent assessment.  If the Federal Reserve notifies you that you must have an independent assessment, you may have some options, including:

  • Hiring an independent third party to perform the assessment.
  • Having an independent internal department perform the assessment (e.g., internal audit, compliance, etc.).
  • Conducting a self-assessment and having it “peer-reviewed” by an independent party.

To learn more about the Security and Resiliency Assurance Program, see the list of Frequently Asked Questions on the Federal Reserve website or refer to Federal Reserve Operating Circular No. 5 (OC5), which outlines the Requirements of the Fed Assurance Program.

FoxPointe Solutions, which is a division of The Bonadio Group, is equipped and prepared to help your organization comply with these requirements.  We would be happy to answer any questions you may have or provide you with additional information.