Skip navigation
Ensuring a Safe and Sound Federal Banking System for All Americans Site Map | Text Size: S M L


Resources for bankers

Get answers to banking questions

BIT Issuances

These issuances provide information to banks and examiners on areas of continuing concern and advise bankers and bank directors about activities and situations that could affect the safe and sound management of their banks.

FFIEC Statements

June 7, 2016
The Federal Financial Institutions Examination Council (FFIEC), on behalf of its members, is issuing this statement, in light of recent cyber attacks, to remind financial institutions of the need to actively manage the risks associated with interbank messaging and wholesale payment networks.

June 24, 2014
The Federal Financial Institutions Examination Council (FFIEC) today launched a Web page on cybersecurity ( Web page is a central repository for current and future FFIEC-related materials on cybersecurity.

May 7, 2014
The Federal Financial Institutions Examination Council (FFIEC) today highlighted efforts to enhance financial institutions’ cybersecurity during a webinar for approximately 5,000 chief executive officers and senior managers from community financial institutions.

March 22, 2013
The Federal Financial Institutions Examination Council (FFIEC) member agencies today announced the addition of a new feature to the Information Technology Examination Handbook InfoBase. This feature provides bankers, agency personnel, and other interested parties with the ability to register and receive notifications of additions, changes, and deletions to the InfoBase. 

Publish DateIdentifierTitle
04/11/2018  OCC 2018-8, Cyber Insurance: FFIEC Joint Statement on Cyber Insurance and Its Potential Role in Risk Management Programs
11/22/2016  OCC 2016-41, Enhanced Cyber Risk Management Standards: Advanced Notice of Proposed Rulemaking
10/17/2016  OCC 2016-34, Cybersecurity: Frequently Asked Questions on the FFIEC Cybersecurity Assessment Tool
09/09/2016  OCC 2016-27, FFIEC Information Technology Examination Handbook: Revised Information Security Booklet
06/07/2016  OCC 2016-18, Cybersecurity of Interbank Messaging and Wholesale Payment Networks: FFIEC Statement
04/29/2016  OCC 2016-14, FFIEC Information Technology Examination Handbook: Mobile Financial Services, New Appendix to the Retail Payment Systems Booklet
04/27/2016  OCC 2016-13, Communications Technology: Guidance for Banks' Maintenance of Records, Records Retention, and Examiner Access
03/21/2016  OCC 2016-10, Prepaid Cards: Interagency Guidance to Issuing Banks on Applying Customer Identification Program Requirements for Holders of Prepaid Cards
11/10/2015  OCC 2015-44, FFIEC Information Technology Examination Handbook: Revised Management Booklet
11/03/2015  OCC 2015-40, Cybersecurity: Joint Statement on Cyber Attacks Involving Extortion
06/30/2015  OCC 2015-31, Cybersecurity: FFIEC Cybersecurity Assessment Tool
03/30/2015  OCC 2015-20, Cybersecurity: Destructive Malware Joint Statement
03/30/2015  OCC 2015-19, Cybersecurity: Cyber Attacks Compromising Credentials Joint Statement
02/06/2015  OCC 2015-9, FFIEC Information Technology Examination Handbook: Strengthening the Resilience of Outsourced Technology Services, New Appendix for Business Continuity Planning Booklet
11/03/2014  OCC 2014-53, Cybersecurity: Cybersecurity Assessment General Observations and Statement
09/26/2014  OCC 2014-48, Bourne-Again Shell (Bash) "Shellshock" Vulnerability: FFIEC Alert
08/20/2014  OCC 2014-41, Merchant Processing: Revised Comptroller's Handbook Booklet
04/25/2014  OCC 2014-17, Information Security Vulnerability in OpenSSL: Joint Statement
04/03/2014  OCC 2014-14, Distributed Denial-of-Service Cyber Attacks, Risk Mitigation, and Additional Resources: Joint Statement
04/02/2014  OCC 2014-13, Cyber Attacks on Financial Institutions' ATM and Card Authorization Systems: Joint Statement
10/07/2013  OCC 2013-22, Windows XP Operating System: Joint Statement
10/31/2012  OCC 2012-34, Supervision of Technology Service Providers: FFIEC IT Examination Handbook Booklet Revision and Administrative Guidelines for Interagency Supervisory Programs
06/28/2011  OCC 2011-27, Prepaid Access Programs
06/28/2011  OCC 2011-26, Authentication in an Internet Banking Environment: Supplement
05/20/2010  OCC 2010-17, Unlawful Internet Gambling Enforcement Act of 2006: Examination Procedures
02/25/2010  OCC 2010-9, FFIEC Information Technology Examination Handbook: Retail Payment Systems Booklet
11/20/2009  OCC 2009-33, Model Privacy Notice: Final Rule
05/27/2009  OCC 2009-16, Affiliate Marketing and Identity Theft Red Flags and Address Discrepancies Rules: Technical Corrections
01/14/2009  OCC 2009-4, Remote Deposit Capture: Interagency Guidance
05/08/2008  OCC 2008-16, Information Security: Application Security
04/24/2008  OCC 2008-12, Payment Processors: Risk Management Guidance
03/19/2008  OCC 2008-6, FFIEC Information Technology Examination Handbook: Business Continuity Planning Booklet
12/18/2007  OCC 2007-49, Pandemic Planning: Interagency Guidance
11/14/2007  OCC 2007-45, Identity Theft Red Flags and Address Discrepancies: Final Rulemaking
02/16/2007  OCC 2007-9, Daylight Savings Time Change: Risk Management Guidance
09/01/2006  OCC 2006-39, Automated Clearing House Activities: Risk Management Guidance
08/15/2006  OCC 2006-35, Authentication in an Internet Banking Environment: Frequently Asked Questions
07/27/2006  OCC 2006-31, FFIEC Information Security Booklet: Information Security Guidance
06/15/2006  OCC 2006-26, Disaster Planning: Hurricane Katrina - Lessons Learned
03/15/2006  OCC 2006-12, Influenza Pandemic: Interagency Advisory
12/14/2005  OCC 2005-44, Small Entity Compliance Guide: Information Security
10/12/2005  OCC 2005-35, Authentication in an Internet Banking Environment: Interagency Guidance
07/01/2005  OCC 2005-24, Threats from Fraudulent Bank Web Sites: Risk Mitigation and Response Guidance for Web Site Spoofing Incidents
04/14/2005  OCC 2005-13, Response Programs for Unauthorized Access to Customer Information and Customer Notice: Final Guidance: Interagency Guidance
01/12/2005  OCC 2005-1, Proper Disposal of Consumer Information: Final Rule
10/27/2004  OCC 2004-47, FFIEC Guidance: Risk Management for the Use of Free and Open Source Software
09/08/2004  OCC 2004-42, FFIEC Customer Brochure: Protecting Customers’ Personal Financial Information
09/02/2004  OCC 2004-40, FFIEC Information Technology Examination Handbook: FFIEC IT Booklets on IT Operations and Wholesale Payment Systems
07/15/2004  OCC 2004-32, FFIEC Information Technology Examination Handbook: FFIEC IT Booklets on Outsourcing Technology Services and Management
10/02/2003  OCC 2003-41, FFIEC Information Technology Examination Handbook: E-Banking, Audit, and FedLine Booklets
04/23/2003  OCC 2003-15, Weblinking: Interagency Guidance on Weblinking Activity
04/08/2003  OCC 2003-14, Interagency White Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System: Business continuity sound practices developed by the FRB, SEC, and OCC to ensure the continued functioning of critical financial services
03/27/2003  OCC 2003-13, Telecommunications Service Priority (TSP) Program: Policy on Sponsorship of TSP for Private Sector Entities
07/23/2002  OCC 2002-33, Government Emergency Telecommunications Service (GETS): FBIIC Policy on Sponsorship of GETS Cards for Private Sector Entities
05/28/2002  OCC 2002-23, Electronic Banking: Final Rule
05/15/2002  OCC 2002-16, Bank Use of Foreign-Based Third-Party Service Providers: Risk Management Guidance
07/18/2001  OCC 2001-35, Examination Procedures to Evaluate Compliance with the Guidelines to Safeguard Customer Information: Examination Procedures
02/28/2001  OCC 2001-12, Bank-Provided Account Aggregation Services: Guidance to Banks
02/15/2001  OCC 2001-8, Guidelines Establishing Standards for Safeguarding Customer Information: Final Guidelines
06/20/2000  OCC 2000-21, Privacy of Consumer Financial Information: Final Rule
05/15/2000  OCC 2000-14, Infrastructure Threats -- Intrusion Risks: Message to Bankers and Examiners
05/04/1999  OCC 1999-20, Certification Authority Systems: Guidance for Bankers and Examiners
07/30/1998  OCC 1998-31, Guidance on Electronic Financial Services and Consumer: FFIEC Guidance
05/12/1998  OCC 1998-22, Branch Names: Interagency Statement
02/04/1998  OCC 1998-3, Technology Risk Management: Guidance for Bankers and Examiners
09/03/1996  OCC 1996-48, Stored Value Card Systems: Information for Bankers and Examiners
Publish DateIdentifierTitle
12/21/2012  Alert 2012-16, Information Security: Distributed Denial of Service Attacks and Customer Account Fraud
04/18/2011  Alert 2011-4, Incident Prevention and Detection-Protecting Information Security of National Banks
02/23/2007  Alert 2007-9, Fraudulent E-mails Claiming to be from the FDIC or VeriSign and Requesting Recipients to Run a “Security Guard Script”
09/08/2006  Alert 2006-50, Customer Authentication and Internet Banking Alert
07/02/2004  Alert 2004-12, Fraudulent Web Site Fraudulent Web site purporting to be operated by the Office of the Comptroller of the Currency
01/23/2004  Alert 2004-2, Fictitious E-mails: Fictitious E-mails to Financial Institution Customers
06/12/2003  Alert 2003-9, Threat Posed by New Internet Virus (Bugbear.B)
08/19/2002  Alert 2002-10, Internet Banking Fraud: Fictitious Digital Investment Certificates

Consumer Advisories
Publish DateIdentifierTitle
06/01/2011  CA 2011-2, Avoiding 'Card Skimming' at ATMs and Other Money Machines