OCC BULLETIN 2015-9
Subject: FFIEC Information Technology Examination Handbook
Date: February 6, 2015
To: Chief Executive Officers of All National Banks, Federal Branches and Agencies, and Federal Savings Associations; Technology Service Providers; Department and Division Heads; All Examining Personnel; and Other Interested Parties
Description: Strengthening the Resilience of Outsourced Technology Services, New Appendix for Business Continuity Planning Booklet
The Federal Financial Institutions Examination Council (FFIEC) has released a new appendix, “Strengthening the Resilience of Outsourced Technology Services,” to the “Business Continuity Planning” booklet of the FFIEC Information Technology Examination Handbook. The new appendix ensures that the booklet aligns with regulatory guidance on third-party relationship risk management and incorporates emerging risks, such as cyber resilience risk concerns. “Business Continuity Planning” is one of the 11 booklets comprising the FFIEC IT Examination Handbook.
Appendix J highlights and strengthens the “Business Continuity Planning” booklet in four specific areas:
Financial institutions should partner with their technology service provider(s) as needed to strengthen the resilience of outsourced technology as recommended through this guidance.
On October 30, 2013, the Office of the Comptroller of the Currency issued OCC Bulletin 2013-29, “Third-Party Relationships: Risk Management Guidance.” Because many financial institutions depend on third-party providers to support critical banking operations, the FFIEC incorporated these principles, along with those from other regulatory guidance, to update the “Business Continuity Planning” booklet. The updated booklet more effectively addresses interdependencies of third-party services in a financial institution’s overall business resilience strategy.
As indicated in the attached FFIEC news release, the FFIEC IT Examination Handbook is available electronically at http://ithandbook.ffiec.gov.
For further information, contact Kevin Greenfield, Director, Bank Information Technology, at (202) 649-6340.