FFIEC Issues Booklet on Risk Management Process for IT Infrastructure

The "Architecture, Infrastructure, and Operations" booklet focuses on enterprise-wide, process-oriented approaches that relate to the design of technology within the overall business structure, implementation of IT infrastructure components, and delivery of services and value for customers. The booklet discusses the principles and practices for IT and operations as they relate to safety and soundness, consumer financial protection, and compliance with applicable laws and regulations. It also discusses the management oversight of architecture, infrastructure, and operations and its related components that examiners may encounter during their reviews; these related components include governance; common risk management topics; specific activities of architecture, infrastructure, and operations; and the evolving technologies such as cloud computing, microservices, artificial intelligence, and zero trust architecture. The booklet explains that architecture, infrastructure, and operations are separate but related functions that, together, assist management in overseeing activities related to designing, building, and managing the technology of an entity. It also discusses how appropriate governance of the architecture, infrastructure, and operations functions and related activities can

• promote risk identification across banks, nonbank financial institutions, bank holding companies, and third-party service providers.
• support implementation of effective risk management.
• assist management through the regular assessment of the strategies and plans of an entity
• promote alignment and integration between the functions.

Related Links

• News Release
• Architecture, Infrastructure, and Operations Booklet

Keywords: Americas, US, Banking, Governance, Technology Risk, Third-Party Service Providers, Information Technology, Cloud Computing, IT Handbook, FFIEC