Supervisory Policy and Guidance Topics
Information Technology Examination Guidance
The use of information technology (IT) can have important implications for a banking organization’s financial condition, risk profile, and operating performance and should be incorporated into the safety-and-soundness assessment of each organization. The framework for the Federal Reserve’s supervisory strategy with regard to IT is provided in SR 98-9, "Assessment of Information Technology in the Risk-Focused Frameworks for the Supervision of Community Banks and Large Complex Banking Organizations."
Much of the guidance on this page assists examiners in completing the Uniform Rating System for Information Technology (URSIT) ratings. The URSIT is an interagency examination rating system adopted by the Federal Financial Institutions Examination Council (FFIEC) agencies to evaluate the IT activities of financial institutions. The URSIT rating framework is based on a risk evaluation of four general areas: audit, management, development and acquisition, and support and delivery. These components are used to assess the overall IT functions within an organization and arrive at a composite URSIT rating.
Policy LettersInformation Technology Examination Guidance
FFIEC Information Technology Examination Handbook – Information Security Booklet
FFIEC Cybersecurity Assessment Tool for Chief Executive Officers and Boards of Directors
End of Microsoft Support for Windows XP Operating System
Revised Guidance on Supervision of Technology Service Providers
Interagency Supplement to Authentication in an Internet Banking Environment
Information Technology Examination Frequency
Supervisory Ratings for State Member Banks, Bank Holding Companies and Foreign Banking Organizations, and Related Requirements for the National Examination Data System
Uniform Rating System for Information Technology
- Financial Institution Letters (FILs) Addressing Information Technology
- OCC Electronic Banking Guidance