OCC BULLETIN 2016-14
Subject: FFIEC Information Technology Examination Handbook
Date: April 29, 2016
To: Chief Executive Officers of All National Banks, Federal Branches and Agencies, and Federal Savings Associations; Technology Service Providers; Department and Division Heads; All Examining Personnel; and Other Interested Parties
Description: Mobile Financial Services, New Appendix to the Retail Payment Systems Booklet
The Federal Financial Institutions Examination Council (FFIEC) has released a new appendix, “Mobile Financial Services,” to the “Retail Payment Systems” booklet of the FFIEC Information Technology (IT) Examination Handbook. This new appendix E focuses on risks associated with activities and devices for mobile financial services. The appendix emphasizes an enterprise-wide risk management approach for effectively managing and mitigating existing and evolving risks. Additionally, the appendix contains work program objectives to assist examiners in determining the state of risk and controls at an institution or third-party provider. “Retail Payment Systems” is one of the 11 booklets in the FFIEC IT Examination Handbook.
Appendix E addresses the following:
Mobile financial services are the products and services that banks provide to their customers through mobile devices. Customers’ mobile transactions often emulate those initiated on traditional desktop computers; mobile financial services, however, can provide more convenient transaction execution capabilities, such as the initiation or acceptance of mobile payments. Mobile financial services can pose elevated risks related to device security, authentication, data security, mobile malware, data transmission security, compliance, and third-party management. Customers are often less likely to activate security controls, virus protection, or personal firewall functionality on their mobile devices, and mobile financial services often involve the use of third-party service providers.
Please contact Kevin Greenfield, Director for Bank Information Technology, at (202) 649-6340.
Bethany A. Dugan