FFIEC IT Examination Handbook Updates
Summary
The FFIEC has updated its IT Examination Handbook, providing new and revised booklets and work programs. These resources offer guidance to examiners and financial institutions on various IT-related topics, including audit, business continuity, development, information security, and management.
What changed
The FFIEC IT Examination Handbook InfoBase has been updated with new and revised booklets and work programs. These resources cover key areas such as Audit, Business Continuity Management, Development/Acquisition/Maintenance, Information Security, Management, and Architecture/Infrastructure/Operations. The updates provide guidance for examiners and financial institutions on assessing IT risks and compliance with relevant regulations.
Financial institutions should review the updated booklets and work programs to ensure their IT governance, security, and operational practices align with current guidance. While these are non-binding guidance documents, adherence is expected during examinations. No specific compliance deadlines or penalties are mentioned, but examiners will use these resources to evaluate an institution's IT posture.
What to do next
- Review updated IT Examination Handbook booklets and work programs
- Assess current IT practices against new guidance
- Incorporate relevant updates into IT policies and procedures
Source document (simplified)
Sign up for FFIEC IT Handbook InfoBase Email Updates and What’s New RSS Feed
What's New Link to a feed containing any updates to the FFIEC IT Handbook InfoBase (e.g., booklets, appendices, and joint statements)
Glossary Definitions of terms found in or relating to IT booklet concepts
Laws, Regulations, & Guidance Link to the regulatory resources by IT booklet and further sorted by regulatory agency
References This page contains topical materials that supplement booklet content and are for informational purposes
FFIEC IT BOOKLETS
Access all the resources associated with the individual handbooks
Audit
Guidance to examiners and financial institutions on the characteristics of an effective information technology (IT) audit function
Business Continuity Management
Guidance to examiners on the principles of BCM and approaches of business continuity planning and resilience; and examination procedures to help determine the effectiveness of business continuity and resilience
Development, Acquisition, and Maintenance
Guidance to examiners on development controls, acquisition and procurement planning and execution, governance and risk management, and maintenance and change control practices of entities
Information Security
Guidance to examiners on factors to assess information security risks and procedures to evaluate the adequacy of the information security program
Management
Guidance to examiners outlining the principles of overall governance and IT governance and provides examination procedures to evaluate IT governance and processes for ITRM
Architecture, Infrastructure, and Operations
Guidance to examiners on enterprise-wide, process-oriented approaches that relate to the design of technology within the overall business structure, implementation of IT infrastructure components, and delivery of services and value for customers.
Outsourcing Technology Services
Guidance and examination procedures for examiners evaluate risk management processes to establish, manage, and monitor third-party service provider relationships
Retail Payment Systems
Guidance to examiners on identifying and controlling risks associated with retail payment systems and related banking activities
Supervision of Technology Service Providers
Outlines the Agencies' risk-based supervisory program and includes the examination ratings used for regulated financial institutions and their third-party service providers
Wholesale Payment Systems
Guidance to examiners on the risks and risk management practices when originating and transmitting large-value payments
Archived Booklets
IT Booklets that have been superseded by a newer revision
HOW TO USE THE IT EXAMINATION HANDBOOK INFOBASE
The IT Examination Handbook InfoBase Home page (this screen) provides users with access to everything in one place. At the top of the screen, across the banner from left to right, users can get to the FFIEC Infobase Home Page, the IT booklets, IT workprograms, Glossary, and the FFIEC Home Page. By hovering over the IT booklets link in the banner, users can select the booklet they want to see, including a page of archived IT booklets. Users can scroll down past the introduction of the Infobase to opt in to receive e-mail or RSS feed updates when changes are made to the Infobase. Lower in the page, the user can access several pages under solid circles including What’s New, Glossary, Laws, Regulations, & Guidance, and References. Finally, the IT booklets are laid out on the screen, with a description of each, and the ability for the user to select the view they choose, from the Table of Contents, the Online View of the booklet, a Download of the booklet, or a Download of the workprogram. At the bottom of the screen, the user can link to a page containing all of the booklets and workprograms available for single or bulk download.
Named provisions
Related changes
Source
Classification
Who this affects
Taxonomy
Browse Categories
Get Banking & Finance alerts
Weekly digest. AI-summarized, no noise.
Free. Unsubscribe anytime.
Get alerts for this source
We'll email you when FFIEC IT Examination Handbook Updates publishes new changes.