FFIEC issued the "Architecture, Infrastructure, and Operations" booklet of the FFIEC Information Technology Examination Handbook. This booklet provides guidance to examiners on risk management processes that promote sound and controlled execution of information technology architecture, infrastructure, and operations at financial institutions. The examination procedures in this booklet help examiners evaluate an institution’s controls and risk management processes relative to the risks of technology systems and operations that reside in, or are connected to, the institution. The booklet replaces the Operations booklet issued in July 2004.
The "Architecture, Infrastructure, and Operations" booklet focuses on enterprise-wide, process-oriented approaches that relate to the design of technology within the overall business structure, implementation of IT infrastructure components, and delivery of services and value for customers. The booklet discusses the principles and practices for IT and operations as they relate to safety and soundness, consumer financial protection, and compliance with applicable laws and regulations. It also discusses the management oversight of architecture, infrastructure, and operations and the related components that examiners may encounter during their reviews; these related components include governance; common risk management topics; specific activities of architecture, infrastructure, and operations; and evolving technologies such as cloud computing, microservices, artificial intelligence, and zero trust architecture. The booklet explains that architecture, infrastructure, and operations are separate but related functions that, together, assist management in overseeing activities related to designing, building, and managing the technology of an entity. It also discusses how appropriate governance of the architecture, infrastructure, and operations functions and related activities can:
- promote risk identification across banks, nonbank financial institutions, bank holding companies, and third-party service providers.
- support implementation of effective risk management.
- assist management through the regular assessment of the strategies and plans of an entity.
- promote alignment and integration between the functions.
Keywords: Americas, US, Banking, Governance, Technology Risk, Third-Party Service Providers, Information Technology, Cloud Computing, IT Handbook, FFIEC