Featured Product

    FFIEC Issues Booklet on Risk Management Process for IT Infrastructure

    June 30, 2021

    FFIEC issued the "Architecture, Infrastructure, and Operations" booklet of the FFIEC Information Technology Examination Handbook. This booklet provides guidance to examiners on risk management processes that promote sound and controlled execution of information technology architecture, infrastructure, and operations at financial institutions. The examination procedures in this booklet help examiners evaluate an institution’s controls and risk management processes relative to the risks of technology systems and operations that reside in, or are connected to, the institution. The booklet replaces the Operations booklet issued in July 2004.

    The "Architecture, Infrastructure, and Operations" booklet focuses on enterprise-wide, process-oriented approaches that relate to the design of technology within the overall business structure, implementation of IT infrastructure components, and delivery of services and value for customers. The booklet discusses the principles and practices for IT and operations as they relate to safety and soundness, consumer financial protection, and compliance with applicable laws and regulations. It also discusses the management oversight of architecture, infrastructure, and operations and its related components that examiners may encounter during their reviews; these related components include governance; common risk management topics; specific activities of architecture, infrastructure, and operations; and the evolving technologies such as cloud computing, microservices, artificial intelligence, and zero trust architecture. The booklet explains that architecture, infrastructure, and operations are separate but related functions that, together, assist management in overseeing activities related to designing, building, and managing the technology of an entity. It also discusses how appropriate governance of the architecture, infrastructure, and operations functions and related activities can

    • promote risk identification across banks, nonbank financial institutions, bank holding companies, and third-party service providers.
    • support implementation of effective risk management.
    • assist management through the regular assessment of the strategies and plans of an entity
    • promote alignment and integration between the functions.

     

    Related Links

    Keywords: Americas, US, Banking, Governance, Technology Risk, Third-Party Service Providers, Information Technology, Cloud Computing, IT Handbook, FFIEC

    Related Articles
    News

    PRA and FPC Finalize Changes to Leverage Ratio Framework in UK

    The Prudential Regulation Authority (PRA) published the final policy statement PS21/21 on the leverage ratio framework in the UK. PS21/21, which sets out the final policy of both the Financial Policy Committee (FPC) and PRA

    October 08, 2021 WebPage Regulatory News
    News

    CFPB Proposes Rule on Small Business Lending Data Collection

    The Consumer Financial Protection Bureau (CFPB) proposed to amend Regulation B to implement changes to the Equal Credit Opportunity Act (ECOA) under Section 1071 of the Dodd-Frank Act.

    October 08, 2021 WebPage Regulatory News
    News

    PRA Decides to Maintain O-SII Buffers for Another Year

    The Prudential Regulation Authority (PRA) decided to maintain, at the 2019 levels, the buffer rates for the Other Systemically Important Institutions (O-SII) for another year, with no new rates to be set until December 2023.

    October 08, 2021 WebPage Regulatory News
    News

    FSB Report Assesses Implementation of Recommendations on Stablecoins

    The Financial Stability Board (FSB) published a progress report on implementation of its high-level recommendations for the regulation, supervision, and oversight of global stablecoin arrangements.

    October 07, 2021 WebPage Regulatory News
    News

    APRA Updates Loan Serviceability Expectations for Home Lending

    In a letter to the authorized deposit taking institutions, the Australian Prudential Regulation Authority (APRA) announced an increase in the minimum interest rate buffer it expects banks to use when assessing the serviceability of home loan applications.

    October 06, 2021 WebPage Regulatory News
    News

    CPMI and IOSCO Consult on Guidance on Stablecoin Arrangements

    The Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO) are consulting on the preliminary guidance that clarifies that stablecoin arrangements should observe international standards for payment, clearing, and settlement systems.

    October 06, 2021 WebPage Regulatory News
    News

    EBA and EIOPA Set Out Work Priorities for 2022

    The European Banking Authority (EBA) and the European Insurance and Occupational Pensions Authority (EIOPA) have set out their respective work priorities for 2022.

    October 05, 2021 WebPage Regulatory News
    News

    MFSA Issues Reporting Updates and Guidance for Banks

    The Malta Financial Services Authority (MFSA) updated the guidelines on supervisory reporting requirements under the reporting framework 3.0, in addition to the reporting module on leverage under the common reporting (COREP) framework.

    October 05, 2021 WebPage Regulatory News
    News

    EC Publishes Decision on List of Equivalent Third Countries Under CRR

    The European Commission (EC) published the Implementing Decision 2021/1753 on the equivalence of supervisory and regulatory requirements of certain third countries and territories for the purposes of the treatment of exposures, in accordance with the Capital Requirements Regulation or CRR (575/2013).

    October 04, 2021 WebPage Regulatory News
    News

    EC Rule on Contractual Recognition of Write-Down and Conversion Powers

    EC published the Implementing Regulation 2021/1751, which lays down implementing technical standards on uniform formats and templates for notification of determination of the impracticability of including contractual recognition of write-down and conversion powers.

    October 04, 2021 WebPage Regulatory News
    RESULTS 1 - 10 OF 7552