FFIEC issued the "Architecture, Infrastructure, and Operations" booklet of the FFIEC Information Technology Examination Handbook. This booklet provides guidance to examiners on risk management processes that promote sound and controlled execution of information technology architecture, infrastructure, and operations at financial institutions. The examination procedures in this booklet help examiners evaluate an institution’s controls and risk management processes relative to the risks of technology systems and operations that reside in, or are connected to, the institution. The booklet replaces the Operations booklet issued in July 2004.
The "Architecture, Infrastructure, and Operations" booklet focuses on enterprise-wide, process-oriented approaches that relate to the design of technology within the overall business structure, implementation of IT infrastructure components, and delivery of services and value for customers. The booklet discusses the principles and practices for IT and operations as they relate to safety and soundness, consumer financial protection, and compliance with applicable laws and regulations. It also discusses the management oversight of architecture, infrastructure, and operations and its related components that examiners may encounter during their reviews; these related components include governance; common risk management topics; specific activities of architecture, infrastructure, and operations; and the evolving technologies such as cloud computing, microservices, artificial intelligence, and zero trust architecture. The booklet explains that architecture, infrastructure, and operations are separate but related functions that, together, assist management in overseeing activities related to designing, building, and managing the technology of an entity. It also discusses how appropriate governance of the architecture, infrastructure, and operations functions and related activities can
- promote risk identification across banks, nonbank financial institutions, bank holding companies, and third-party service providers.
- support implementation of effective risk management.
- assist management through the regular assessment of the strategies and plans of an entity
- promote alignment and integration between the functions.
Keywords: Americas, US, Banking, Governance, Technology Risk, Third-Party Service Providers, Information Technology, Cloud Computing, IT Handbook, FFIEC
Previous ArticleFED Updates Form and Instructions for FR Y-9C Reporting
Next ArticleHKMA Intensifies Focus on Regtech Adoption
The European Banking Authority (EBA) has published the final templates, and the associated guidance, for collecting climate-related data for the one-off Fit-for-55 climate risk scenario analysis.
The European Banking Authority (EBA) recently published a report that recommends enhancements to the Pillar 1 framework, under the prudential rules, to capture environmental and social risks.
As a follow on from its prudential standard on the treatment of crypto-asset exposures, the Basel Committee on Banking Supervision (BCBS) proposed disclosure requirements for crypto-asset exposures of banks.
The Basel Committee on Banking Supervision (BCBS) and the European Banking Authority (EBA) have published results of the Basel III monitoring exercise.
The Prudential Regulation Authority (PRA) recently issued a few regulatory updates for banks, with the updated Basel implementation timelines being the key among them.
The U.S. Department of the Treasury has recently set out the principles for net-zero financing and investment.
The European Commission (EC) launched a stakeholder survey on the draft International Guiding Principles for organizations developing advanced artificial intelligence (AI) systems.
The finalization of the two sustainability disclosure standards—IFRS S1 and IFRS S2—is expected to be a significant step forward in the harmonization of sustainability disclosures worldwide.
Decentralized finance (DeFi) is expected to increase in prominence, finding traction in use cases such as lending, trading, and investing, without the intermediation of traditional financial institutions.
The Basel Committee on Banking Supervision (BCBS) published reports that assessed the overall implementation of the net stable funding ratio (NSFR) and the large exposures rules in the U.S.