BUSINESS CONTINUITY PLANNING, SUPERVISION OF TECHNOLOGY
SERVICE PROVIDER GUIDANCE RELEASED BY FEDERAL FINANCIAL REGULATORS
The Federal Financial Institutions Examination
Council (FFIEC) today issued revised guidance for examiners and
financial institutions on business continuity planning. The FFIEC
also issued guidance to examiners on the supervision of technology
service providers. The guidance is contained in two booklets.
The Business Continuity Planning Booklet
provides guidance and examination procedures to assist examiners
in evaluating financial institution and service provider risk management
processes to ensure the availability of critical financial services.
Sound business continuity plans allow financial
institutions to respond to such adverse events as natural disasters,
technological failures, human error, and terrorism. Financial institutions
must be able to restore information systems, operations, and customer
services quickly after any adverse event. It is important that business
operations be resilient and that customer service disruptions be
minimal.
The Supervision of Technology Service Providers
Booklet covers the supervision and examination of services performed
for financial institutions by technology service providers. It outlines
the agencies' risk-based supervision approach, the supervisory process,
and the examination ratings used for technology service providers.
The guidance stresses that an institution's
management and board of directors have the ultimate responsibility
for ensuring outsourced activities are conducted in a safe and sound
manner and in compliance with applicable laws and regulations. Managing
outsourced relationships will be further discussed in depth when
a booklet on Outsourcing is released later this year.
The booklets represent the latest in a series
of updates to the 1996 FFIEC Information Systems Examination Handbook
(Handbook). The FFIEC is updating the Handbook to address significant
changes in technology since 1996 and to incorporate a risk-based
examination approach. The updates are being issued in separate booklets
that will ultimately replace all chapters of the Handbook and comprise
the new FFIEC Information Technology Examination Handbook. Future
booklets will address electronic banking, audit, payment systems,
outsourcing, management, computer operations, and systems development
and acquisition.
The booklets are being distributed electronically
and are available at www.ffiec.gov/guides.htm.
The FFIEC is composed of the five federal financial
regulators: Board of Governors of the Federal Reserve System, Federal
Deposit Insurance Corporation, National Credit Union Administration,
the Office of the Comptroller of the Currency, and the Office of
Thrift Supervision.
Media Contacts:
OTS Chris Smith 202-906-6677
FRB Susan Stawick 202-452-3128
FDIC David Barr 202-898-6992
NCUA Cherie Umbel 703-518-6337
OCC Dean DeBuck 202-874-4876
|