Today, the Federal Financial Institutions Examination Council (FFIEC) issued a 7-page list of questions and answers about its October 12, 2005, bestseller, Authentication in an Internet Banking Environment.

The main thing you need to know about the new document is what it does NOT say, that the year-end deadline has been extended (see Timing, Q1, p. 4, reprinted below). However, the answer does appear to provide a bit of wiggle room, saying that banks must "implement risk mitigation activities by year-end 2006." I'm sure many creative interpretations of the precise meaning of that phrase will surface. 

Q-1- What do the Agencies expect institutions to have accomplished by year-end 2006?
A-1– The Agencies expect that institutions will complete the risk assessment and will implement risk-mitigation activities by year-end 2006. The Agencies are not considering any general extension of the timing associated with this guidance.

Good luck to all.

—JB