Summary:
The Federal Financial Institutions Examination Council (FFIEC) has issued a revised "Management" booklet that provides guidance to assist examiners in evaluating the information technology (IT) governance at financial institutions and service providers. The booklet is part of the IT Examination Handbook series.
Statement of Applicability to Institutions with Total Assets under $1 billion: This Financial Institution Letter applies to all FDIC-supervised institutions offering online banking services.
Highlights:
- The revised Management booklet outlines the principles of overall governance and, more specifically, IT governance.
- The revised booklet delineates the stages of the IT risk-management process, including risk identification, measurement, mitigation, monitoring, and reporting.
- The revised booklet incorporates cybersecurity concepts as part of IT risk management.
- An electronic version of the booklet, as well as an FFIEC press release, is available at http://www.ffiec.gov/press.htm .
Suggested Distribution:
- FDIC-Supervised Banks (Commercial and Savings)
Suggested Routing:
- Chief Executive Officer
- Chief Information Officer
- Chief Information Security Officer
Paper copies of FDIC financial institution letters may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200).
Additional Related Topics:
- FFIEC IT Examination Handbook
FIL-54-2015