Featured Product

    FFIEC Issues Booklet on Risk Management Process for IT Infrastructure

    June 30, 2021

    FFIEC issued the "Architecture, Infrastructure, and Operations" booklet of the FFIEC Information Technology Examination Handbook. This booklet provides guidance to examiners on risk management processes that promote sound and controlled execution of information technology architecture, infrastructure, and operations at financial institutions. The examination procedures in this booklet help examiners evaluate an institution’s controls and risk management processes relative to the risks of technology systems and operations that reside in, or are connected to, the institution. The booklet replaces the Operations booklet issued in July 2004.

    The "Architecture, Infrastructure, and Operations" booklet focuses on enterprise-wide, process-oriented approaches that relate to the design of technology within the overall business structure, implementation of IT infrastructure components, and delivery of services and value for customers. The booklet discusses the principles and practices for IT and operations as they relate to safety and soundness, consumer financial protection, and compliance with applicable laws and regulations. It also discusses the management oversight of architecture, infrastructure, and operations and its related components that examiners may encounter during their reviews; these related components include governance; common risk management topics; specific activities of architecture, infrastructure, and operations; and the evolving technologies such as cloud computing, microservices, artificial intelligence, and zero trust architecture. The booklet explains that architecture, infrastructure, and operations are separate but related functions that, together, assist management in overseeing activities related to designing, building, and managing the technology of an entity. It also discusses how appropriate governance of the architecture, infrastructure, and operations functions and related activities can

    • promote risk identification across banks, nonbank financial institutions, bank holding companies, and third-party service providers.
    • support implementation of effective risk management.
    • assist management through the regular assessment of the strategies and plans of an entity
    • promote alignment and integration between the functions.


    Related Links

    Keywords: Americas, US, Banking, Governance, Technology Risk, Third-Party Service Providers, Information Technology, Cloud Computing, IT Handbook, FFIEC

    Related Articles

    EBA Finalizes Templates for One-Off Climate Risk Scenario Analysis

    The European Banking Authority (EBA) has published the final templates, and the associated guidance, for collecting climate-related data for the one-off Fit-for-55 climate risk scenario analysis.

    November 28, 2023 WebPage Regulatory News

    EBA Mulls Inclusion of Environmental & Social Risks to Pillar 1 Rules

    The European Banking Authority (EBA) recently published a report that recommends enhancements to the Pillar 1 framework, under the prudential rules, to capture environmental and social risks.

    October 31, 2023 WebPage Regulatory News

    BCBS Consults on Disclosure of Crypto-Asset Exposures of Banks

    As a follow on from its prudential standard on the treatment of crypto-asset exposures, the Basel Committee on Banking Supervision (BCBS) proposed disclosure requirements for crypto-asset exposures of banks.

    October 19, 2023 WebPage Regulatory News

    BCBS and EBA Publish Results of Basel III Monitoring Exercise

    The Basel Committee on Banking Supervision (BCBS) and the European Banking Authority (EBA) have published results of the Basel III monitoring exercise.

    October 18, 2023 WebPage Regulatory News

    PRA Updates Timeline for Final Basel III Rules, Issues Other Updates

    The Prudential Regulation Authority (PRA) recently issued a few regulatory updates for banks, with the updated Basel implementation timelines being the key among them.

    October 18, 2023 WebPage Regulatory News

    US Treasury Sets Out Principles for Net-Zero Financing

    The U.S. Department of the Treasury has recently set out the principles for net-zero financing and investment.

    October 17, 2023 WebPage Regulatory News

    EC Launches Survey on G7 Principles on Generative AI

    The European Commission (EC) launched a stakeholder survey on the draft International Guiding Principles for organizations developing advanced artificial intelligence (AI) systems.

    October 14, 2023 WebPage Regulatory News

    ISSB Sustainability Standards Expected to Become Global Baseline

    The finalization of the two sustainability disclosure standards—IFRS S1 and IFRS S2—is expected to be a significant step forward in the harmonization of sustainability disclosures worldwide.

    September 18, 2023 WebPage Regulatory News

    IOSCO, BIS, and FSB to Intensify Focus on Decentralized Finance

    Decentralized finance (DeFi) is expected to increase in prominence, finding traction in use cases such as lending, trading, and investing, without the intermediation of traditional financial institutions.

    September 18, 2023 WebPage Regulatory News

    BCBS Assesses NSFR and Large Exposures Rules in US

    The Basel Committee on Banking Supervision (BCBS) published reports that assessed the overall implementation of the net stable funding ratio (NSFR) and the large exposures rules in the U.S.

    September 14, 2023 WebPage Regulatory News
    RESULTS 1 - 10 OF 8938