Seal of the Board of Governors of the Federal Reserve System
BOARD OF GOVERNORS
OF THE
FEDERAL RESERVE SYSTEM
WASHINGTON, D. C.  20551
DIVISION OF BANKING
SUPERVISION AND REGULATION
SR 04-20
December 29, 2004

TO THE OFFICER IN CHARGE OF SUPERVISION
AT EACH FEDERAL RESERVE BANK
SUBJECT:  FFIEC Information Technology Examination Handbook

The Federal Financial Institutions Examination Council (FFIEC) completed its update of the 1996 FFIEC Information Systems Examination Handbook (1996 Handbook) earlier this year with the release of the last two of twelve booklets that now comprise the new FFIEC Information Technology Examination Handbook (IT Handbook). The new IT Handbook, which replaces all chapters of the 1996 Handbook, addresses significant changes in technology since 1996 and incorporates a risk-based examination approach.  The new IT Handbook offers guidance on the following topics:

Going forward, each booklet will be updated and new topical guidance will be developed as changes in information technology and the evolution of standards related to financial institution IT practices necessitate.

With the release of the last two booklets, in July 2004, the 1996 Handbook is now completely retired.  Further, nine interagency supervisory policy (SP) statements and six SR letters have been rescinded.1  Chapters 1 through 23 of the 1996 Handbook were rescinded with the issuance of various booklets. Chapters 24 through 30 contained laws, guidance and SP statements related to the topic of IT issued by various FFIEC agencies.  This information can now be found in the resources sections of the IT Handbook booklets or on the individual agencies' web sites.

The FFIEC agencies are distributing these booklets electronically to financial institutions and technology service providers via the Internet through the FFIEC's InfoBase application. The InfoBase includes each booklet in Adobe Acrobat PDF file format, as well as an online version with links to various resource materials and presentations providing an orientation to the handbook update process and each booklet. The electronic versions of all of the booklets are available at http://ithandbook.ffiec.gov/.

In the event you have any questions concerning the FFIEC Information Technology Examination Handbook or the topics discussed in it, please contact Adrienne Haden, Manager, Operational and Information Technology Risk, at (202) 452-2058, or Elton Hill, Senior Supervisory Financial Analyst, Operational and Information Technology Risk, at (202) 452-2514.

James V. Houpt
Associate Director


Attachment:
Listing of SP Statements and SR letters Rescinded With the Issuance of the New Handbook (77 KB PDF)
Supersedes:
SR Letters 88-2, 88-33, 90-5, 93-25, 94-2, and 97-15

Notes:
  1. The rescinded SP statements and SR letters are listed in an attachment to this letter. The two remaining SP statements (SP-1, Interagency EDP Examination, Scheduling, and Distribution Policy, September 1991 Revised, and SP-11, Enhanced Supervision Program (ESP) for Multidistrict Data Processing Services (MDPS), January 1995) can be found in the resources section of the Supervision of Technology Service Providers Booklet in the IT Handbook.  Return to text
SR letters | 2004
Home | Banking information and regulation
Accessibility | Contact Us
Last update: April 15, 2013