connect

FDICconnect Business Center

The FDICconnect Business Center is the secure Internet portal for FDIC-insured institutions to conduct business and exchange information with FDIC.

fdicconnect business center
Sign In
Already have an Account (Email Address) and Password, Sign In
Frequently Asked Questions (FAQ)
The FDICconnect list of Frequently Asked Questions (FAQ)
Security and Privacy
Review the FDICconnect Security Notice, Security Controls, and Privacy Notice
Post Examination Survey
FDICconnect registration is not required to take the FDICconnect Post Examination Survey. For more information, Please see the survey cover letter included with your Report of Examination Package.

New Account Registration Instructions

The FDIC implemented a Registration System to register for access to FDICconnect (FCX). The FDICconnect Business Center is accessible to FDIC-insured institutions. Only bank employees or their representatives should register. To begin the registration process, please select one of the following options:

FDICconnect Designated Coordinator Registration

To Begin the registration process as a Designated Coordinator for your institution, please contact the FDICconnect Help Desk at (877) 275-3342 (Monday-Friday, 8:00 A.M. - 8:00 P.M. ET) and select option 4.


Next Steps:

  • The Help Desk completes an invitation form and an email is sent to the candidate coordinator.
  • The candidate coordinator receives the email invitation, with a secure link to respond to the invitation. After clicking on the secure link, the candidate coordinator completes and submits the online Designated Coordinator form. The form contains information about the candidate as well as the Institution's Authorizing Official.
  • An FDIC staff member reviews and approves the information submitted.
  • The Institution's Authorizing Official receives an email with a secure link to review and approve the candidate. After reviewing the information, the Authorizing Official approves the request.
  • The candidate coordinator receives an approval email with a secure link to create the FCX account. After clicking on the secure link, the candidate Bank Coordinator submits the FCX account information by completing the online form.
  • An FCX account is created and can be used to login to FCX.
  • The Bank Coordinator logs into FCX
  • The Bank Coordinator will be able to request institution user access, grant user permissions to transactions, and approve users' access requests to associate with the Institution.
FDICconnect User Registration

To Begin the registration process for a User for your institution, please contact your institution's Designated Coordinator.

A Designated Coordinator can add users through the Business Center Menu by:
  • Selecting Coordinator Functions
  • Selecting Registration System Coordinator
  • Selecting the New Bank User Registration request link
  • Completing and submitting the New Bank User Registration form
  • The Candidate user receives an email invitation, with a secure link to respond to the invitation. After clicking on the secure link, the candidate user responds to the invitation by completing and submitting an online form.
  • The coordinator reviews and approves the information submitted by the candidate user.
  • The candidate user receives an approval email, with a secure link to create the FCX account. After clicking the secure link, the candidate user submits the FCX account information by completing an online form.
  • The FCX account is created and can be used to login to FCX.
  • The user logs into FCX
  • The coordinator grants permissions for the user to perform transactions for the institution.
Existing users can request to be a Designated Coordinator through the Business Center Menu by:
  • Selecting User Functions
  • Selecting Institution Association
  • Selecting the Request Coordinator Role button
  • Completing and submitting the Request Coordinator Role form
Existing users can request an institution association to another institution to be a User or Designated Coordinator through the Business Center Menu by:
  • Selecting User Functions
  • Selecting Institution Association
  • Selecting the Go To Institution: Search button
  • Selecting New Bank User Institution Request or New Bank Coordinator Institution Request
  • Completing and submitting the form

Frequently Asked Questions

FDICconnect's most frequently asked questions and answers are listed below.

  1. I need access to FDICconnect. What do I do?

    Because of the secure nature of the system, your institution must follow the registration process as described in the New Account Registration Instructions page.

  2. Can our institution register more than one Coordinator?

    Yes. We suggest that institutions register one primary Coordinator and at least one back up for times when the primary person is unavailable due to vacation, travel, etc.

  3. How many users can we register with FDICconnect?

    There is no set limit on the number of users an institution may register with FDICconnect; however, in the interest of security, we suggest that only those users who will regularly be completing transactions for the institution be given access. Permission to complete transactions may be granted or revoked on a temporary basis for users who only need to access the system occasionally.

  1. What is FDICconnect?

    FDICconnect is the new Internet channel for FDIC-insured institutions to conduct business and exchange information with the FDIC. The secure web site is maintained and operated by the FDIC. You are viewing the FDICconnect system.

  2. Do I need any special equipment or software to use FDICconnect?

    To use FDICconnect, you will need a browser that supports 256-bit SSL (Secure Sockets Layer) version 3/TLS. OpenSSL technology is not used for encryption and data transmission between banking institutions and the FDIC. We recommend using Internet Explorer 11 or higher for Windows or Google Chrome version 78.0. The application may be used with other browsers and operating systems, but has not been tested with them. If you are receiving an error indicating your browser does not support the required level of SSL, you should consult your organization's technical support provider and consider upgrading your browser. For users who require a screen reader for accessibility purposes, FDICconnect supports JAWS version 5 or higher. The application may be used with other screen readers, but has not been tested with them.

  3. Do I need a User ID to use FDICconnect?

    The secure business transaction site, or Business Center, is accessible only if your institution is a member of the FDICconnect system and you have an account (email address and password). To register, complete the FDICconnect registration process. For details on the registration process, visit the New Account Registration Instructions page.

    After you register, your access must be authorized by your institution's FDICconnect coordinator. Your coordinator can provide you with more information about the access process. If your institution does not currently have a Designated Coordinator, please follow the steps in the New Account Registration Instructions page.

  4. I've forgotten my password. What do I do?

    You will need to reset your password. Click on the Forgot password? link on the Sign In page. You will be asked for identifying information. You will receive an email with a secured link, which will allow you to update your password.

  5. I've received a message that my account is locked. What should I do?

    If your account is locked, it will need to be restored by the FDIC. Please contact the FDICconnect Help Desk via the Contact Us link. You will need to include your login email address so that we can process the request. Please do not include your password.

  1. I need help with a transaction I'm trying to complete, what do I do?

    Each FDICconnect Business Transaction has a help screen associated with it. Click the Help link at the top of the page for information about that transaction or you can also contact the Help Desk via one of the options listed under the Getting Help section below.

  2. If I complete the transaction via FDICconnect, do I still have to send the paper copy into the FDIC?

    In some instances you do. Some transactions are in a transitional period, meaning paper copies must still be processed for certain activities. Check with your FDIC Regional Office Staff or the FDICconnect Help Desk if you're not sure.

  1. I'm an FDICconnect user. Who can help me if I have a problem?

    If you have a problem with FDICconnect, you should first contact your Institution's Designated Coordinator. In the event your Coordinator is unavailable or you do not know who your Coordinator is, you may contact the FDICconnect Help Desk via the Contact Us link.

  2. How can I find out who the FDICconnect coordinator for my institution is?

    Privacy considerations prevent the FDIC from providing this information to you directly. However, the FDIC can pass your inquiry along to the coordinator for your institution. If you wish for us to do so, please notify us via the Contact Us link.

  3. What are some of the best practices for the bankers to use FDICconnect?

    • Avoid peak file transfer hours when possible, by uploading files before 9 am and after 4 pm EST.
    • FCX high usage periods are at each quarter end for assessment processing; please adjust uploads accordingly.
    • The FCX-EFE experience may be impacted by your web browser type or version. If you have connection or usage issues, please try a different web browser.
    • The FCX-EFE experience may be impacted by your firewall and virus protection settings. Check with your internal IT Department to determine if these settings could be impacting the connection.
    • Files of 200 MB or less transfer faster.
    • Check with the Internet Service Provider in your area to see if the Internet service provided is sufficient for large file transfers. FCX-EFE file transfers works best with Broadband connections.
    • Computer Settings occasionally need to be adjusted. Form data and Passwords selections do not need to be checked.

  4. How do I contact the FDICconnect Help Desk?

    Several options to contact the Help Desk are included in the Contact Us link.

Security and Privacy

FDICconnect is a secure Internet channel for FDIC-insured institutions to conduct business and exchange information with the FDIC. The secure web site is maintained and operated by the FDIC.

You have accessed a computer system owned and operated by the Federal Deposit Insurance Corporation (FDIC). This system may be accessed and used only as authorized by the FDIC. Persons or entities that access this system without authorization may be subject to criminal prosecution. This computer system may be monitored by the FDIC, and all information placed on or sent over this system may be copied, used, or disclosed by the FDIC for all lawful purposes.

Financial institutions are required to manage their relationships with their vendors and service providers to ensure that bank-owned data and customer information (e.g. PII) is adequately protected when entrusted to third parties. This requirement includes using systems for transmitting data to the FDIC. Use of third-party solutions to communicate with the FDIC may be considered by the institution when those systems are addressed as part of the institution's vendor management program1, and adequately vetted and assessed for risk as required by the Interagency Standards for Information Security2 implementing the customer safeguards requirements under the Gramm Leach Bliley Act (GLBA). There are many third-party data storage and sharing solutions that were not developed with the intent of complying with the rigorous requirements under GLBA. Use of non-compliant third-party systems to share sensitive information with the FDIC may subject the institution to supervisory criticism.

To facilitate secure storage and exchange of supervisory and examination materials, the FDIC created FDICconnect. All financial institutions supervised by the FDIC have access to this system. FDICconnect is deemed compliant with supervisory guidance for protecting sensitive information when conducting business with the FDIC.

What is FDICconnect?

FDICconnect (FCX) provides a secure channel for financial institutions, state banking authorities and other organizations to conduct online business with the FDIC. All insured financial institutions are required to register with FCX to download their quarterly deposit insurance assessment statements. The FDIC encourages financial institutions to use FCX to conduct other online business.

Is FCX secure?

Data exchanged via FCX is securely maintained in FDIC information systems (including cloud-hosted FDIC systems) rated at the Federal Information Security Management Act (FISMA) "moderate" risk level. To protect these systems, the FDIC uses a defense in depth approach supported by an alignment to the National Institute of Standards and Technology (NIST) Cybersecurity Framework, FISMA requirements, Federal Risk and Authorization Management Program (FedRAMP) assessments and authorizations, and FDIC-wide directives that guide the operations, roles, and responsibilities of employees and contractors. Among other security controls, FCX leverages two-factor authentication:

  • Two-Factor Authentication

    FCX uses two-factor authentication to maintain secure access to the system by providing an additional level of security for all institution information contained in FCX (such as ACH account information and Risk Classification Ratings). Two-factor authentication is required for all external users to access FCX as part of the login process; each user of FCX utilizes a token and one-time password (OTP) for each login to the system. After entering the email address and password, users are directed to a two-factor authentication login process that requests the OTP to gain access.

Below is a subset list of additional security controls deployed within FDIC's environment at different layers that are continuously assessed and reviewed:

  • Network Controls

    The FDIC has layered controls that ensure a strong perimeter through application and network layer firewalls. The FDIC participates in the federal Einstein program and other federal and commercial services that protect our data and update indicators of compromise that may indicate an attempt to exfiltrate personally identifiable information (PII) or other sensitive information. The FDIC participates in the weekly Department of Homeland Security (DHS) scanning program for Internet-facing systems. The FDIC uses email filtering and secure email transport protocols to ensure the veracity of email being sent into the FDIC to avoid breaches of PII and other sensitive information that can occur from phishing schemes. The FDIC also has tools that inspect email to identify malicious attachments and safely detonate possible malware prior to it being delivered to end users. The FDIC makes extensive use of secure protocols like Transport Layer Security3 (TLS) to ensure that sensitive information being transmitted is encrypted during transmission.

  • Access Controls

    The FDIC has an advanced provisioning system, and access to systems must be approved through defined workflow processes prior to that access being authorized. The FDIC also performs access recertification for our systems containing sensitive information at least annually, requiring managers and system owners to re-certify the access privileges of users within their systems. All access granted is logged and monitored to prevent unauthorized access. For internal users, the FDIC requires personal identity verification (PIV) cards for login to its systems, making two-factor authentication a standard for domain authentication.

  • Privacy Impact Assessments

    In accordance with federal regulations and mandates4, the FDIC conducts Privacy Impact Assessments (PIAs) on systems, business processes, projects and rulemakings that involve an electronic collection, creation, maintenance or distribution of PII. The objective of a PIA is to identify privacy risks and integrate privacy protections throughout the development life cycle of an information system or electronic collection of PII. A completed PIA also serves as a vehicle for building transparency and public trust in government operations by providing public notice to individuals regarding the collection, use and protection of their personal data.

  • Integrity Protection

    The FDIC has deployed file integrity monitoring for key files used by applications that process sensitive information. This ensures that information technology staff are promptly notified if critical application and configuration files are corrupted by malware or altered by an unauthorized source. The FDIC has implemented application white-listing and blocking of downloadable executable content from the Internet to ensure that only authorized software runs and that FDIC employees do not fall prey to internet attacks. The FDIC subscribes to services that rate the content and safety of websites; access to any "bad" sites or to sites that have not yet been categorized is blocked. This control interrupts the kill-chain for phishing attacks and prevents against watering-hole attacks5 that may otherwise result in information exfiltration.

  • Continuous Monitoring

    The FDIC has a 24x7 security operations center (SOC) that is kept informed by its subscriptions to threat intelligence resources and its participation in the Financial Services Information Sharing and Analysis Center (FS-ISAC). The FDIC has a sophisticated security information monitoring platform consisting of multiple tools which are integrated into a single operations center where events that may indicate a threat to FDIC-hosted information are identified, researched, addressed and closed in a timely manner.

  • Incident Management

    The FDIC has a dedicated incident response coordinator and incident response team. We have specific breach procedures for PII, and documented incident response processes that include escalation and reporting paths for the United States Computer Emergency Readiness Team (US-CERT) for other security incidents, and for reporting to Congress as required by OMB, DHS, and NIST guidance.

 

1FFIEC IT Examination Handbook, Outsourcing Technology Services: https://ithandbook.ffiec.gov/

2FDIC Rules and Regulations, Part 364, Appendix B; FIL 22-2001, Customer Information Security Standards; FIL-44-2008 Third-Party Risk Guidance for Managing Third-Party Risk

3TLS is a cryptographic protocol that is designed to provide communications security over a computer network.

4For example: Section 208 of the E-Government Act of 2002 requires federal government agencies to conduct a Privacy Impact Assessment (PIA) for all new or substantially changed technology that collects, maintains, or disseminates personally identifiable information (PII). The Privacy Act of 1974 imposes various requirements on federal agencies whenever they collect, create, maintain, and distribute records that can be retrieved by the name of an individual or other personal identifier, regardless of whether the records are in hardcopy or electronic format.

5Watering hole is a computer attack strategy, in which the victim is a particular group (organization, industry, or region). In this attack, the attacker guesses or observes which websites the group often uses and infects one or more of them with malware. Eventually, some member of the targeted group gets infected.

The FDIC is strongly committed to maintaining the privacy of your personal information. The following discloses our information gathering and dissemination practices for this site. The information the FDIC receives depends upon your actions when visiting the Corporation's web site.

Information Collected About Your Visit to the Web Site

The FDIC automatically collects and stores the following information about you when you visit our Web site:

  • The date and time the request was received.
  • Your Internet Protocol (IP) address, or the proxy address of your Internet Service Provider (e.g. AOL, CompuServe, and so on).
  • The name and IP address of the FDICconnect server that received and logged the request.
  • The resource on an FDICconnect server accessed as a result of the request, such as the Web page, image, and so on.
  • The query in the request. This field captures any criteria or parameters issued with a query, such as a bank name or insurance certificate number.
  • The name and version of the your Web browser (e.g. Netscape 4.0).
  • The content of any sent or received cookie.
  • The Uniform Resource Locator (URL) that was accessed before the user made a request for FDICconnect's Web server. The URL may be an outside address that is not related to the FDICconnect server.
  • Other status codes and values resulting from the Web server responding to the request received: HTTP status code, Windows NT code, number of bytes sent, number of bytes received, duration (in seconds) to fulfill the request, server port number addressed, and protocol version.

FDICconnect uses a "cookie", which is a file placed on your computer hard drive, that allows the FDICconnect web server to log the pages you use in the FDICconnect site and to determine if you have visited the site before. The cookie captures no personally identifying information. The FDICconnect server uses this information to provide certain features during your visit to the Web site. You can set your browser to warn you when placement of a cookie is requested, and decide whether or not to accept it. By rejecting a cookie some of the features available on the site may not function properly.

Other than the automatic data collection described above, this site collects no personally identifying information. The sole exception is when you knowingly and voluntarily provide information, such as when you provide contact information on the Evaluate Our Site form, available to FDICconnect institutions. The exception also applies to your use of the FDICconnect Business Center, for which you must have a login account (email address) and password.

The FDIC uses the information we collect for internal system administrative purposes to measure the volume of requests for specific web site pages, and to continually improve the FDICconnect Internet site to be responsive to the needs of users. Your choice to use the FDICconnect Web site or to send electronic mail to FDIC will be considered your consent for the FDIC to use the information collected therefrom as stated in this notice.

Intrusion Detection Monitoring

This government computer system employs software security programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. Such attempts are strictly prohibited and may be punishable under the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act. Except for authorized law enforcement investigations, no other attempts are made to identify individual users or their usage habits.

Information Collected From You

You may decide to send the FDIC information, including personally identifying information. The information you supply - whether through a secure Web form, a standard Web form, or by sending an electronic mail message - is maintained by the FDIC for the purpose of processing your request or inquiry. The FDIC also uses the information you supply in other ways to further the FDIC's mission of maintaining stability and public confidence in the nation's banking system.

Various employees of the FDIC may see the information you submit in the course of their official duties. The information may also be shared by the FDIC with third parties to advance the purpose for which you provide the information, including other federal or state government agencies. For example, if you file a complaint, it may be sent to a financial institution for action, or information may be supplied to the Department of Justice in the event it appears that federal criminal statutes have been violated by an entity you are reporting to the FDIC. The primary use of personally identifying information will be to enable the government to contact you in the event we have questions regarding the information you have reported.

Under certain circumstances, the FDIC may be required by law to disclose information you submit to the Corporation, for example, to respond to a Congressional inquiry or subpoena. If you register with an FDIC online mailing list, the information you provide may also be used to send you FDIC communiquor notify you about updates to our web site.

When you choose to send e-mail to the FDIC you are consenting to the FDIC using the information provided therein, including personally identifying information, in accordance with this notice, unless you expressly state in the e-mail your objection to any uses. As required by federal law, Privacy Act statements are located on this web site. Additional notifications are provided in the FDICconnect Business Center regarding use of that secure site.

Contacting the FDIC About This Web Site

If you are concerned about how information about you may have been used in connection with this web site, or you have questions about the FDIC's privacy policy and information practices you should contact:

FDICconnect
Room VS-5240
3501 Fairfax Drive
Arlington, VA 22226

E-mail: fdicconnect@fdic.gov

Electronic mail is not necessarily secure. You should be very cautious when sending electronic mail containing sensitive, confidential information. As an alternative, you should give consideration to sending it by postal mail.