Updated FFIEC compliance guidelines specifically delineate APIs as a distinct attack surface, shedding light on the amplified risks they introduce. Financial institutions might be on a tighter compliance timeline than anticipated to prioritize fortifying their API security.