The Federal Financial Institutions Examination Council (FFIEC) completed its update of the 1996 FFIEC Information Systems Examination Handbook (1996 Handbook) earlier this year with the release of the last two of twelve booklets that now comprise the new FFIEC Information Technology Examination Handbook (IT Handbook). The new IT Handbook, which replaces all chapters of the 1996 Handbook, addresses significant changes in technology since 1996 and incorporates a risk-based examination approach. The new IT Handbook offers guidance on the following topics:
Going forward, each booklet will be updated and new topical guidance will be developed as changes in information technology and the evolution of standards related to financial institution IT practices necessitate.
With the release of the last two booklets, in July 2004, the 1996 Handbook is now completely retired. Further, nine interagency supervisory policy (SP) statements and six SR letters have been rescinded.1 Chapters 1 through 23 of the 1996 Handbook were rescinded with the issuance of various booklets. Chapters 24 through 30 contained laws, guidance and SP statements related to the topic of IT issued by various FFIEC agencies. This information can now be found in the resources sections of the IT Handbook booklets or on the individual agencies' web sites.
The FFIEC agencies are distributing these booklets electronically to financial institutions and technology service providers via the Internet through the FFIEC's InfoBase application. The InfoBase includes each booklet in Adobe Acrobat PDF file format, as well as an online version with links to various resource materials and presentations providing an orientation to the handbook update process and each booklet. The electronic versions of all of the booklets are available at http://ithandbook.ffiec.gov/.
In the event you have any questions concerning the FFIEC Information Technology Examination Handbook or the topics discussed in it, please contact Adrienne Haden, Manager, Operational and Information Technology Risk, at (202) 452-2058, or Elton Hill, Senior Supervisory Financial Analyst, Operational and Information Technology Risk, at (202) 452-2514.