OCC Bulletin 2021-30| June 30, 2021

FFIEC Information Technology Examination Handbook: New Architecture, Infrastructure, and Operations Booklet

To

Chief Executive Officers of All National Banks, Federal Savings Associations, Federal Branches and Agencies; Department and Division Heads; All Examining Personnel; and Other Interested Parties

Summary

The Federal Financial Institutions Examination Council (FFIEC) today issued the "Architecture, Infrastructure, and Operations" booklet of the FFIEC Information Technology Examination Handbook. This booklet provides guidance to examiners on risk management processes that promote sound and controlled execution of information technology architecture, infrastructure, and operations at financial institutions. The examination procedures in this booklet help examiners evaluate an institution’s controls and risk management processes relative to the risks of technology systems and operations that reside in, or are connected to, the institution.

Rescission

The "Architecture, Infrastructure, and Operations" booklet rescinds and replaces the "Operations" booklet of the FFIEC Information Technology Examination Handbook. The "Operations" booklet was issued in July 2004.

Note for Community Banks

The booklet applies to the OCC’s supervision of community banks.1

Highlights

The "Architecture, Infrastructure, and Operations" booklet

  • explains how architecture, infrastructure, and operations are separate, but related, functions that, together, assist management in overseeing an entity’s activities related to designing, building, and managing the entity’s technology.
  • discusses how appropriate governance of the architecture, infrastructure, and operations functions and related activities can
    • promote risk identification across banks, as well as nonbank financial institutions, bank holding companies, and third-party service providers.
    • support implementation of effective risk management.
    • assist management through the regular assessment of the entity’s strategies and plans.
    • promote alignment and integration between the functions.

Further Information

Please contact Norine Richards, Director for Bank Information Technology, at (202) 649-6550.

 

Grovetta N. Gardineer
Senior Deputy Comptroller for Bank Supervision Policy

Related Link

1 "Banks" refers collectively to national banks, federal savings associations, and federal branches and agencies of foreign banking organizations.