Federal Financial Institutions Examination Council
|For Immediate Release||September 30, 2003|
ELECTRONIC BANKING, AUDIT, AND FEDLINE GUIDANCE
The Federal Financial Institutions Examination Council (FFIEC) today issued revised guidance for examiners, financial institutions, and technology service providers on electronic banking (e-banking), information technology (IT) audit, and the FedLine electronic funds transfer application. The guidance is contained in three booklets.
The E-Banking Booklet provides guidance on risks and risk management practices applicable to a financial institution's e-banking activities.
E-banking has created new opportunities for delivering traditional products and services to customers, as well as the potential to offer new products and services. With these opportunities come new challenges, including 24-hour, seven-day-a-week availability; Internet connectivity; increased access to systems and customer information; greater reliance on new service providers; and evolving regulations. These challenges potentially increase threats to the institution's reputation, confidentiality of information, system and data integrity, system availability, and regulatory compliance. E-banking activities require careful planning, coordinated strategies between IT and business units, integrated subject matter expertise, strong controls, and ongoing monitoring and testing. This booklet includes guidance and examination procedures to evaluate the quality of risk management related to these threats and activities in financial institutions and technology service providers.
The Audit Booklet provides guidance on the risk-based IT audit practices of financial institutions and technology service providers.
This booklet builds on the agencies' existing audit guidance and emphasizes the responsibilities of all levels of management, including the board of directors, for establishing a sound audit program. The booklet incorporates changes to the audit process brought about by new legislation enacted since 1996, including the Gramm-Leach-Bliley Act of 1999 and the Sarbanes-Oxley Act of 2002.
The FedLine Booklet provides guidance on the appropriate control considerations for financial institutions using the Federal Reserve's FedLine application.
FedLine provides community financial institutions with access to the Federal Reserve's Fedwire services to receive and send payment messages. To protect their access to this payment system, institutions must ensure its security and availability. The booklet describes policies and procedures necessary to operate FedLine in a safe and sound manner with detailed guidance on physical security, system configuration, and system parameter settings.
The booklets represent the latest in a series of updates to the 1996 FFIEC Information Systems Examination Handbook (Handbook). The FFIEC is updating the Handbook to address significant changes in technology since 1996 and to incorporate a risk-based examination approach. The updates are being issued in separate booklets that will ultimately replace all chapters of the Handbook and comprise the new FFIEC Information Technology Examination Handbook. Future booklets will address retail and wholesale payment systems, outsourcing technology services, management, computer operations, and systems development and acquisition.
The booklets are being distributed electronically and are available at www.ffiec.gov/guides.htm.
OTS Chris Smith 202-906-6677
The FFIEC was established in March 1979 to prescribe uniform principles, standards, and report forms and to promote uniformity in the supervision of financial institutions. The Council has five member agencies: the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision. The Council's activities are supported by interagency task forces and by an advisory State Liaison Committee, comprised of five representatives of state agencies that supervise financial institutions.