Booklet: FedLine®
Section: Introduction

The FedLine Booklet is another in the series that comprises the Federal Financial
Institutions Examination Council (FFIEC) IT Examination Handbook (IT
Handbook). This booklet replaces Chapter 19 of the 1996 Federal Financial
Institutions Examination Council (FFIEC) Information Systems Examination
Handbook. It addresses the risks, risk management practices, and
mitigating controls necessary to establish and maintain an appropriate
operating environment for the FedLine Funds Transfer (FT) application.
FedLine is the Federal Reserve Bank’s proprietary electronic delivery
channel for financial institution access to Federal Reserve financial
services, and includes DOS-based FedLine and FedLine for the Web.

FedLine for the Web is available to financial institutions for access to financial
services deemed low-risk by the Federal Reserve but does not currently
offer access to high-risk payment-related applications such as funds transfer.
Future updates to this booklet will incorporate the risk considerations
and controls associated with the FedLine for the Web environment, including
high-risk payment applications such as funds transfer, as the Federal
Reserve introduces these additional features for financial institution
use.

FedLine is a stand-alone, PC-based hardware and software package providing financial
institution access to accounting, Automated Clearinghouse (ACH), book-entry
securities, cash, check, treasury services, and Fedwire funds transfer
applications. These applications allow for the creation and transmission
of payment messages, account balance monitoring, and other functions performed
via encrypted dial-up sessions with the Federal Reserve Bank’s host
computer.

Using the FedLine FT application exposes a financial institution to certain
operational (transaction) risks that the institution must appropriately
control. Funds transfer messages provide for the immediate availability
of funds to the credited account once sent from the FedLine PC and processed
at the Federal Reserve Bank’s host computer.

FedLine incorporates three security measures designed to protect against unauthorized
access to FedLine applications and Federal Reserve communication networks:

- Assignment of access levels needed to perform local FedLine functions;
- Restricted access to Federal Reserve host computer systems; and
- Controlled use of hardware-based data encryption.

Appropriate physical and logical access controls should be established to ensure only
authorized staff can create, verify, and send funds transfer instructions
on behalf of the financial institution and its customers as well as guard
against inadvertent errors or omissions. The operational risk inherent
in generating and sending fraudulent funds transfer messages, potentially
targeting the institution’s available cash balances, and transferring
them to accounts beyond the control of the financial institution, exposes
the financial institution to significant credit, liquidity, legal, and
compliance risks.

Federal Reserve Operating Circular No. 5 sets out the terms and conditions under
which a financial institution may access certain financial services and
under which a financial institution may send data to or receive data from
a Federal Reserve Bank by means of electronic connection(s).
Federal Reserve Operating Circular No. 6 sets out the terms and conditions
under which a financial institution can transmit and receive funds transfers
through Fedwire, including responsibilities for information security,
business continuity, and related administrative information.

The guidance in this booklet primarily targets operational (transaction) risks
related to funds transfers. Management, however, should also understand
the indirect impact this funds transfer system could have on other risk
areas within the institution.

The booklet is organized into three general sections. The first section
describes the operational (transaction) risks associated with the use
of the FedLine PC and FT application and the specific risk management
practices and controls needed to mitigate these risks.

The second section includes recommended FedLine security settings available
to the financial institution to support processing only authorized funds
transfer messages and to minimize processing potentially unauthorized
messages due to fraud, errors, and omissions. Although the recommended
security settings provide specific information useful to both financial
institution management and examination field staff, the recommended security
settings are appropriate within the context of the size and complexity
of the financial institution including its specific operating environment,
staffing levels, and funds transfer activity. Financial institutions and
examiners should use the recommended settings as a guide to evaluate the
related controls. Differences may be the result of the institution choosing
alternate mitigating controls designed to meet its particular operating
environment and capabilities.

The third section includes examination procedures, a glossary of terms, and
references to information including specific FedLine applications, codes,
and access levels. Please refer to the IT Handbook’s “Information
Security Booklet” and “Business Continuity Planning Booklet”
for additional details on information security access controls and business
continuity planning, respectively. Additional information concerning Fedwire
funds transfer, including the Federal Reserve’s Payment System Risk
(PSR) policy, balancing functions, credit limits, collected balances,
and transferee identification can be found in the IT Handbook’s
“Wholesale Payment Systems Booklet.”
