FDICconnect Bank: Secure Welcome

FDICconnect Bank: Secure Welcome
The .gov means it's official.
Federal government websites often end in .gov or .mil. Before
sharing sensitive information, make sure you're on a federal
government site.
The site is secure.
The
ensures that you are connecting to
the official website and that any information you provide is
encrypted and transmitted securely.
FDIC
connect
Business Center: Bank Portal
The FDIC
connect
Business Center Bank portal is the secure Internet portal for FDIC-insured institutions to conduct business and exchange information with the FDIC.
Already have an Account (Email Address) and Password, Sign In
New Account Registration Instructions
Registration Overview
Frequently Asked Questions (FAQ)
The FDIC
connect
list of Frequently Asked Questions (FAQ)
Security and Privacy
Review the FDIC
connect
Security Notice, Security Controls, and Privacy Notice
New Account Registration Instructions
New Account Registration Instructions
The FDIC implemented a Registration System to register for access to FDIC
connect
(FCX). The FDIC
connect
Business Center is accessible to FDIC-insured institutions. Only bank employees or their representatives should register. To begin the registration process, please select one of the following options:
FDIC
connect
Designated Coordinator Registration
To Begin the registration process as a Designated Coordinator for your institution, please contact the FDIC
connect
Help Desk at (877) 275-3342
(Monday-Friday, 8:00 A.M. - 8:00 P.M. ET) and select option 5.
Next Steps:
The Help Desk completes an invitation form and an email is sent to the candidate coordinator.
The candidate coordinator receives the email invitation, with a secure link to respond to the invitation. After clicking on the secure link, the candidate coordinator
completes and submits the online Designated Coordinator form. The form contains information about the candidate as well as the Institution's Authorizing Official.
An FDIC staff member reviews and approves the information submitted.
The Institution's Authorizing Official receives an email with a secure link to review and approve the candidate. After reviewing the information, the Authorizing Official approves the request.
The candidate coordinator receives an approval email with a secure link to create the FCX account. After clicking on the secure link, the candidate Bank Coordinator submits the FCX account information by completing the online form.
An FCX account is created and can be used to login to FCX.
The Bank Coordinator logs into FCX
The Bank Coordinator will be able to request institution user access, grant user permissions to transactions, and approve users' access requests to associate with the Institution.
FDIC
connect
User Registration
To Begin the registration process for a User for your institution, please contact your institution's Designated Coordinator.
A Designated Coordinator can add users through the Business Center Menu by:
Selecting Coordinator Functions
Selecting Registration System Coordinator
Selecting the New Bank User Registration request link
Completing and submitting the New Bank User Registration form
The Candidate user receives an email invitation, with a secure link to respond to the invitation. After clicking on the secure link, the
candidate user responds to the invitation by completing and submitting an online form.
The coordinator reviews and approves the information submitted by the candidate user.
The candidate user receives an approval email, with a secure link to create the FCX account. After clicking the secure link, the candidate
user submits the FCX account information by completing an online form.
The FCX account is created and can be used to login to FCX.
The user logs into FCX
The coordinator grants permissions for the user to perform transactions for the institution.
Existing users can request to be a Designated Coordinator through the Business Center Menu by:
Selecting User Functions
Selecting Institution Association
Selecting the Request Coordinator Role button
Completing and submitting the Request Coordinator Role form
Existing users can request an institution association to another institution to be a User or Designated Coordinator through the Business Center Menu by:
Selecting User Functions
Selecting Institution Association
Selecting the Go To Institution: Search button
Selecting New Bank User Institution Request or New Bank Coordinator Institution Request
Completing and submitting the form
Frequently Asked Questions
Frequently Asked Questions
FDIC
connect's
most frequently asked questions and answers are listed below.
I need access to FDIC
connect
. What do I do?
Because of the secure nature of the system, your institution must follow the registration process as described in the
New Account Registration Instructions
page.
Can our institution register more than one Coordinator?
Yes. We suggest that institutions register one primary Coordinator and at least one back up for times when the primary person is unavailable due to vacation, travel, etc.
How many users can we register with FDIC
connect
There is no set limit on the number of users an institution may register with FDIC
connect
; however, in the interest of security, we suggest that only those users who will regularly be completing transactions for the institution be given access. Permission to complete transactions may be granted or revoked on a temporary basis for users who only need to access the system occasionally.
What is FDIC
connect
FDIC
connect
is the new Internet channel for FDIC-insured institutions to conduct business and exchange information with the FDIC. The secure web site is maintained and operated by the FDIC. You are viewing the FDIC
connect
system.
Do I need any special equipment or software to use FDIC
connect
To use FDIC
connect
, you will need a browser that supports 256-bit SSL (Secure Sockets Layer) version 3/TLS. OpenSSL technology is not used for encryption and data transmission between banking institutions and the FDIC. We recommend using Google Chrome version 78.0 or Internet Explorer 11 or higher for Windows. The application may be used with other browsers and operating systems, but has not been tested with them. If you are receiving an error indicating your browser does not support the required level of SSL, you should consult your organization's technical support provider and consider upgrading your browser. For users who require a screen reader for accessibility purposes, FDIC
connect
supports JAWS version 5 or higher. The application may be used with other screen readers, but has not been tested with them.
Do I need a User ID to use FDIC
connect
The secure business transaction site, or Business Center, is accessible only if your institution is a member of the FDIC
connect
system and you have an account (email address and password). To register, complete the FDIC
connect
registration process. For details on the registration process, visit the
New Account Registration Instructions
page.
After you register, your access must be authorized by your institution's FDIC
connect
coordinator. Your coordinator can provide you with more information about the access process. If your institution does not currently have a Designated Coordinator, please follow the steps in the
New Account Registration Instructions
page.
I've forgotten my password. What do I do?
You will need to reset your password. Click on the
Forgot password?
link on the Sign In page. You will be asked for identifying information. You will receive an email with a secured link, which will allow you to update your password.
I've received a message that my account is locked. What should I do?
If your account is locked, it will need to be restored by the FDIC. Please contact the FDIC
connect
Help Desk via the
link. You will need to include your login email address so that we can process the request. Please do not include your password.
My email address has changed since setting up my FDIC
connect
account, can I update the email associated with my account?
Yes, bank users can update the email addresses tied to their FDIC
connect
accounts. To update your FDIC
connect
email address, first login using your original credentials, including email address, password. Next, navigate to the User Functions section of the Business Center Menu and select Change Email. Complete the Change Email form and select Update. Use your new email address and existing password to access FDIC
connect
going forward.
Please note: After updating the email address associated with your FDIC
connect
account, you will be prompted to setup a new multifactor authentication token upon next login.
I am not seeing an expected module in FDIC
connect
. Am I granted full access in FDIC
connect
by default or do I need to take action to access certain modules?
FDIC
connect
users and coordinators are granted minimal access by default. Institution staff will need to be explicitly granted access to underlying transactions within FDIC
connect
to perform certain functions. If you are a coordinator, you can grant yourself access
to any transaction available to your institution by navigating to the Manage Transactions link under Coordinator Functions on the Business Center Menu. From there, select the transaction you are interested in accessing, find your user, grant yourself 'Execute' privileges for that transaction, and click Update.
If you are a user, you will need to coordinate with your bank's FDIC
connect
coordinator(s) so that they may grant you access to a transaction(s).
I need help with a transaction I'm trying to complete, what do I do?
Each FDIC
connect
Business Transaction has a help screen associated with it. Click the Help link at the top of the page for information about that transaction or you can also contact the Help Desk via one of the options listed under the Getting Help section below.
If I complete the transaction via FDIC
connect
, do I still have to send the paper copy into the FDIC?
In some instances you do. Some transactions are in a transitional period, meaning paper copies must still be processed for certain activities. Check with your FDIC Regional Office Staff.
I'm an FDIC
connect
user. Who can help me if I have a problem?
If you have a problem with FDIC
connect
, you should first contact your Institution's Designated Coordinator. In the event your Coordinator is unavailable or you do not know who your Coordinator is, you may contact the FDIC
connect
Help Desk via the
link.
How can I find out who the FDIC
connect
coordinator for my institution is?
Privacy considerations prevent the FDIC from providing this information to you directly. However, the FDIC can pass your inquiry along to the coordinator for your institution. If you wish for us to do so, please notify us via the
link.
What are some of the best practices for the bankers to use FDIC
connect
FCX high usage periods are at each quarter end for assessment processing; please adjust uploads accordingly.
How do I contact the FDIC
connect
Help Desk?
Several options to contact the Help Desk are included in the
link.
Security and Privacy
Security and Privacy
FDIC
connect
is a secure Internet channel for FDIC-insured institutions to conduct business and exchange information with the FDIC. The secure web site is maintained and operated by the FDIC.
You have accessed a computer system owned and operated by the Federal Deposit Insurance Corporation (FDIC). This system may be accessed and used only as authorized by the FDIC. Persons or entities that access this system without authorization may be subject to criminal prosecution. This computer system may be monitored by the FDIC, and all information placed on or sent over this system may be copied, used, or disclosed by the FDIC for all lawful purposes.
Financial institutions are
required to manage their relationships with their vendors and service providers
to ensure that bank-owned data and customer information (e.g. PII) is
adequately protected when entrusted to third parties. This requirement includes using systems for
transmitting data to the FDIC. Use of third-party solutions to communicate with the FDIC may be considered by the
institution when those systems are addressed as part of the institution's vendor management program
, and adequately vetted and assessed for risk as required by the Interagency
Standards for Information Security
implementing the customer safeguards requirements under the Gramm Leach Bliley Act (GLBA). There are many third-party data storage and sharing solutions that were not developed with the intent
of complying with the rigorous requirements under GLBA. Use of non-compliant third-party systems to
share sensitive information with the FDIC may subject the institution to
supervisory criticism.
To facilitate secure storage and exchange of supervisory and examination materials, the FDIC created FDIC
connect
. All financial institutions supervised by the FDIC have access to this system. FDIC
connect
is
deemed compliant with supervisory guidance for protecting sensitive information when conducting business with the FDIC.
What is
FDIC
connect
FDIC
connect
(FCX) provides a secure
channel for financial institutions, state banking authorities and other
organizations to conduct online business with the FDIC.
All insured financial institutions are
required to register with FCX to download their quarterly deposit insurance
assessment statements.
The FDIC
encourages financial institutions to use FCX to conduct other online business.
Is FCX secure?
Data exchanged via FCX is securely maintained in FDIC information systems (including cloud-hosted FDIC systems) rated at the Federal Information Security
Management Act (FISMA) "moderate" risk level. To protect these systems, the FDIC uses a
defense in depth approach supported by an alignment to the National Institute of Standards and Technology (NIST) Cybersecurity Framework, FISMA requirements,
Federal Risk and Authorization Management Program (FedRAMP) assessments and authorizations, and FDIC-wide directives that guide the operations, roles, and responsibilities of employees and contractors.
Among
other security controls, FCX leverages two-factor authentication:
Two-Factor Authentication
FCX uses two-factor authentication to maintain secure access to the system by providing an additional level of security for all institution information contained in FCX (such as ACH account information and Risk Classification Ratings). Two-factor authentication is required for all external users to access FCX as part of the login process; each user of FCX utilizes a token and one-time password (OTP) for each login to the system. After entering the email address and password, users are directed to a two-factor authentication login process that requests the OTP to gain access.
Below is a subset list of additional security controls deployed within FDIC's environment at different layers that are continuously assessed and reviewed:
Network Controls
The FDIC has layered controls that ensure a strong perimeter through application and network layer firewalls. The FDIC participates in the federal Einstein program and other federal and commercial services that protect our data and update indicators of compromise that may indicate an attempt to exfiltrate personally identifiable information (PII) or other sensitive information. The FDIC participates in the weekly Department of Homeland Security (DHS) scanning program for Internet-facing systems. The FDIC uses email filtering and secure email transport protocols to ensure the veracity of email being sent into the FDIC to avoid breaches of PII and other sensitive information that can occur from phishing schemes. The FDIC also has tools that inspect email to identify malicious attachments and safely detonate possible malware prior to it being delivered to end users. The FDIC makes extensive use of secure protocols like Transport Layer Security
(TLS) to ensure that sensitive information being transmitted is encrypted during transmission.
Access Controls
The FDIC has an advanced provisioning system, and access to systems must be approved through defined workflow processes prior to that access being authorized. The FDIC also performs access recertification for our systems containing sensitive information at least annually, requiring managers and system owners to re-certify the access privileges of users within their systems. All access granted is logged and monitored to prevent unauthorized access. For internal users, the FDIC requires personal identity verification (PIV) cards for login to its systems, making two-factor authentication a standard for domain authentication.
Privacy Impact Assessments
In accordance with federal regulations and mandates
, the FDIC conducts Privacy Impact Assessments (PIAs) on systems, business processes, projects and rulemakings that involve an electronic collection, creation, maintenance or distribution of PII. The objective of a PIA is to identify privacy risks and integrate privacy protections throughout the development life cycle of an information system or electronic collection of PII. A completed PIA also serves as a vehicle for building transparency and public trust in government operations by providing public notice to individuals regarding the collection, use and protection of their personal data.
Integrity Protection
The FDIC has deployed file integrity monitoring for key files used by applications that process sensitive information. This ensures that information technology staff are promptly notified if critical application and configuration files are corrupted by malware or altered by an unauthorized source. The FDIC has implemented application white-listing and blocking of downloadable executable content from the Internet to ensure that only authorized software runs and that FDIC employees do not fall prey to internet attacks. The FDIC subscribes to services that rate the content and safety of websites; access to any "bad" sites or to sites that have not yet been categorized is blocked. This control interrupts the kill-chain for phishing attacks and prevents against watering-hole attacks
that may otherwise result in information exfiltration.
Continuous Monitoring
The FDIC has a 24x7 security operations center (SOC) that is kept informed by its subscriptions to threat intelligence resources and its participation in the Financial Services Information Sharing and Analysis Center (FS-ISAC). The FDIC has a sophisticated security information monitoring platform consisting of multiple tools which are integrated into a single operations center where events that may indicate a threat to FDIC-hosted information are identified, researched, addressed and closed in a timely manner.
Incident Management
The FDIC has a dedicated incident response coordinator and incident response team. We have specific breach procedures for PII, and documented incident response processes that include escalation and reporting paths for the United States Computer Emergency Readiness Team (US-CERT) for other security incidents, and for reporting to Congress as required by OMB, DHS, and NIST guidance.
FFIEC IT Examination Handbook, Outsourcing Technology Services:
FDIC Rules and Regulations, Part 364, Appendix B;
FIL 22-2001, Customer Information Security Standards
FIL-44-2008 Third-Party Risk Guidance for Managing Third-Party Risk
TLS is a cryptographic protocol that is designed to provide communications security over a computer network.
For example: Section 208 of the E-Government Act of 2002 requires federal government agencies to conduct a Privacy Impact Assessment (PIA) for all new or substantially changed technology that collects, maintains, or disseminates personally identifiable information (PII). The Privacy Act of 1974 imposes various requirements on federal agencies whenever they collect, create, maintain, and distribute records that can be retrieved by the name of an individual or other personal identifier, regardless of whether the records are in hardcopy or electronic format.
Watering hole is a computer attack strategy, in which the victim is a particular group (organization, industry, or region). In this attack, the attacker guesses or observes which websites the group often uses and infects one or more of them with malware. Eventually, some member of the targeted group gets infected.
The FDIC is strongly committed to maintaining the privacy of your personal information. The following discloses our information gathering and dissemination practices for this site. The information the FDIC receives depends upon your actions when visiting the Corporation's web site.
Information Collected About Your Visit to the Web Site
The FDIC automatically collects and stores the following information about you when you visit our Web site:
The date and time the request was received.
Your Internet Protocol (IP) address, or the proxy address of your Internet Service Provider (e.g. AOL, CompuServe, and so on).
The name and IP address of the FDIC
connect
server that received and logged the request.
The resource on an FDIC
connect
server accessed as a result of the request, such as the Web page, image, and so on.
The query in the request. This field captures any criteria or parameters issued with a query, such as a bank name or insurance certificate number.
The name and version of the your Web browser (e.g. Netscape 4.0).
The content of any sent or received cookie.
The Uniform Resource Locator (URL) that was accessed before the user made a request for FDIC
connect
's Web server. The URL may be an outside address that is not related to the FDIC
connect
server.
Other status codes and values resulting from the Web server responding to the request received: HTTP status code, Windows NT code, number of bytes sent, number of bytes received, duration (in seconds) to fulfill the request, server port number addressed, and protocol version.
FDIC
connect
uses a "cookie", which is a file placed on your computer hard drive, that allows the FDIC
connect
web server to log the pages you use in the FDIC
connect
site and to determine if you have visited the site before. The cookie captures no personally identifying information. The FDIC
connect
server uses this information to provide certain features during your visit to the Web site. You can set your browser to warn you when placement of a cookie is requested, and decide whether or not to accept it. By rejecting a cookie some of the features available on the site may not function properly.
Other than the automatic data collection described above, this site collects no personally identifying information.
The sole exception is when you knowingly and voluntarily provide information
, such as when you provide contact information on the Evaluate Our Site form, available to FDIC
connect
institutions. The exception also applies to your use of the FDIC
connect
Business Center, for which you must have a login account (email address) and password.
The FDIC uses the information we collect for internal system administrative purposes to measure the volume of requests for specific web site pages, and to continually improve the FDIC
connect
Internet site to be responsive to the needs of users. Your choice to use the FDIC
connect
Web site or to send electronic mail to FDIC will be considered your consent for the FDIC to use the information collected therefrom as stated in this notice.
Intrusion Detection Monitoring
This government computer system employs software security programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. Such attempts are strictly prohibited and may be punishable under the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act. Except for authorized law enforcement investigations, no other attempts are made to identify individual users or their usage habits.
Information Collected From You
You may decide to send the FDIC information, including personally identifying information. The information you supply - whether through a secure Web form, a standard Web form, or by sending an electronic mail message - is maintained by the FDIC for the purpose of processing your request or inquiry. The FDIC also uses the information you supply in other ways to further the FDIC's mission of maintaining stability and public confidence in the nation's banking system.
Various employees of the FDIC may see the information you submit in the course of their official duties. The information may also be shared by the FDIC with third parties to advance the purpose for which you provide the information, including other federal or state government agencies. For example, if you file a complaint, it may be sent to a financial institution for action, or information may be supplied to the Department of Justice in the event it appears that federal criminal statutes have been violated by an entity you are reporting to the FDIC. The primary use of personally identifying information will be to enable the government to contact you in the event we have questions regarding the information you have reported.
Under certain circumstances, the FDIC may be required by law to disclose information you submit to the Corporation, for example, to respond to a Congressional inquiry or subpoena.
If you register with an FDIC online mailing list, the information you provide may also be used to send you FDIC communiquor notify you about updates to our web site.
When you choose to send e-mail to the FDIC you are consenting to the FDIC using the information provided therein, including personally identifying information, in accordance with this notice, unless you expressly state in the e-mail your objection to any uses.
As required by federal law, Privacy Act statements are located on this web site. Additional notifications are provided in the FDIC
connect
Business Center regarding use of that secure site.
Contacting the FDIC About This Web Site
If you are concerned about how information about you may have been used in connection with this web site, or you have questions about the FDIC's privacy policy and information practices you should contact:
FDIC
connect
Room VS-5240
3501 Fairfax Drive
Arlington, VA 22226
E-mail:
fdicconnect@fdic.gov
Electronic mail is not necessarily secure. You should be very cautious when sending electronic mail containing sensitive, confidential information. As an alternative, you should give consideration to sending it by postal mail.