OCC BULLETIN 2004-40
Subject: FFIEC Information Technology Examination Handbook
Date: September 2, 2004
To: Chief Executive Officers of All National Banks, Federal Branches and Agencies, Technology Service Providers and Software Vendors, Department and Division Heads, and All Examining Personnel
Description: FFIEC IT Booklets on IT Operations and Wholesale Payment Systems
The guidance attached to this bulletin continues to apply to federal savings associations.
The Federal Financial Institutions Examination Council (FFIEC) has issued two booklets that provide updated guidance on information technology (IT) operations and wholesale payment systems. These booklets complete the series that updates and replaces the 1996 FFIEC Information Systems (IS) Examination Handbook.
The role technology plays in supporting the business function has become increasingly complex. IT operations—traditionally housed in a computer data center with user connections through terminals—are now more dynamic and include distributed environments, integrated applications, networking options, Internet connectivity, and an array of computer operating platforms. Effective support and delivery from IT operations is vital to the performance of most critical business lines in the institution. This booklet covers the risks and expected controls necessary to manage IT operations across the institution. Operational IT risks involve more than just technology; risk management controls must also include sound processes and well-trained people. Effective support and delivery from IT operations is vital to the performance of most critical business lines in the institution.
This booklet rescinds and replaces Chapters 13 ("Operations") and 17 ("Document Imaging") of the 1996 FFIEC IS Examination Handbook.
Wholesale Payment Systems Booklet
Wholesale payment systems consist of numerous financial intermediaries, financial services firms, and nonbank businesses that create, distribute, and process large-value payments. Most of these payments are processed electronically and are generally used to purchase, sell, or finance securities transactions; disburse or repay loans; settle real estate transactions; or make large-value, time-critical payments. This booklet describes the risks associated with wholesale payment systems and the risk management controls that management should establish to mitigate these risks. It also includes discussion of the legal framework for interbank payment systems, the Federal Reserve Board's Payments System Risk Policy, and the "Interagency Paper on Sound Practices to Strengthen the Resiliency of the U.S. Financial System."
National banks that participate in wholesale payment systems or are considering deploying such systems should use this guidance to assess risks to the bank and implement appropriate risk management processes.
This booklet rescinds Chapter 18 ("Wholesale EFT") of the 1996 FFIEC IS Examination Handbook.
The attached FFIEC press release describes the handbook update process and provides the following link [www.ffiec.gov/guides.htm] to electronic versions of all three booklets. To accommodate banks with limited access to the Internet, the OCC will also include these booklets in the next release of e-files, the CD-based library of OCC publications provided to all national banks. Any bank that is not able to download the booklets may order printed copies. Please send your request to the Office of the Comptroller of the Currency, 400 7th Street, SW, Washington, DC 20219.
Other questions regarding these booklets should be directed to your OCC supervisory office or the Bank Technology Division at (202) 649-6340.
Mark L. O'Dell