OCC Bulletin 2021-30 | June 30, 2021
FFIEC Information Technology Examination Handbook: New Architecture, Infrastructure, and Operations Booklet
To
Chief Executive Officers of All National Banks, Federal Savings Associations, Federal Branches and Agencies; Department and Division Heads; All Examining Personnel; and Other Interested Parties
Summary
The Federal Financial Institutions Examination Council (FFIEC) today issued the "Architecture, Infrastructure, and Operations" booklet of the FFIEC Information Technology Examination Handbook. This booklet provides guidance to examiners on risk management processes that promote sound and controlled execution of information technology architecture, infrastructure, and operations at financial institutions. The examination procedures in this booklet help examiners evaluate an institution’s controls and risk management processes relative to the risks of technology systems and operations that reside in, or are connected to, the institution.
Rescission
The "Architecture, Infrastructure, and Operations" booklet rescinds and replaces the "Operations" booklet of the FFIEC Information Technology Examination Handbook. The "Operations" booklet was issued in July 2004.
Note:
Note for Community Banks
The booklet applies to the OCC’s supervision of community banks.1
Highlights
The "Architecture, Infrastructure, and Operations" booklet
- explains how architecture, infrastructure, and operations are separate, but related, functions that, together, assist management in overseeing an entity’s activities related to designing, building, and managing the entity’s technology.
- discusses how appropriate governance of the architecture, infrastructure, and operations functions and related activities can promote risk identification across banks, as well as nonbank financial institutions, bank holding companies, and third-party service providers.
- support implementation of effective risk management.
- assist management through the regular assessment of the entity’s strategies and plans.
- promote alignment and integration between the functions.
Further Information
Please contact Norine Richards, Director for Bank Information Technology, at (202) 649-6550. Grovetta N. Gardineer Senior Deputy Comptroller for Bank Supervision Policy
Related Link
- "Architecture, Infrastructure, and Operations" 1 "Banks" refers collectively to national banks, federal savings associations, and federal branches and agencies of foreign banking organizations.