Federal Financial Institutions Examination Council
|For Immediate Release||May 20, 2003|
BUSINESS CONTINUITY PLANNING, SUPERVISION OF TECHNOLOGY SERVICE PROVIDER GUIDANCE RELEASED BY FEDERAL FINANCIAL REGULATORS
The Federal Financial Institutions Examination Council (FFIEC) today issued revised guidance for examiners and financial institutions on business continuity planning. The FFIEC also issued guidance to examiners on the supervision of technology service providers. The guidance is contained in two booklets.
The Business Continuity Planning Booklet provides guidance and examination procedures to assist examiners in evaluating financial institution and service provider risk management processes to ensure the availability of critical financial services.
Sound business continuity plans allow financial institutions to respond to such adverse events as natural disasters, technological failures, human error, and terrorism. Financial institutions must be able to restore information systems, operations, and customer services quickly after any adverse event. It is important that business operations be resilient and that customer service disruptions be minimal.
The Supervision of Technology Service Providers Booklet covers the supervision and examination of services performed for financial institutions by technology service providers. It outlines the agencies' risk-based supervision approach, the supervisory process, and the examination ratings used for technology service providers.
The guidance stresses that an institution's management and board of directors have the ultimate responsibility for ensuring outsourced activities are conducted in a safe and sound manner and in compliance with applicable laws and regulations. Managing outsourced relationships will be further discussed in depth when a booklet on Outsourcing is released later this year.
The booklets represent the latest in a series of updates to the 1996 FFIEC Information Systems Examination Handbook (Handbook). The FFIEC is updating the Handbook to address significant changes in technology since 1996 and to incorporate a risk-based examination approach. The updates are being issued in separate booklets that will ultimately replace all chapters of the Handbook and comprise the new FFIEC Information Technology Examination Handbook. Future booklets will address electronic banking, audit, payment systems, outsourcing, management, computer operations, and systems development and acquisition.
The booklets are being distributed electronically and are available at www.ffiec.gov/guides.htm.
The FFIEC is composed of the five federal financial regulators: Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision.
OTS Chris Smith 202-906-6677
The FFIEC was established in March 1979 to prescribe uniform principles, standards, and report forms and to promote uniformity in the supervision of financial institutions. The Council has five member agencies: the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision. The Council's activities are supported by interagency task forces and by an advisory State Liaison Committee, comprised of five representatives of state agencies that supervise financial institutions.