In an updated booklet for the Information Technology Examination Handbook, the Federal Financial Institutions Examination Council ("FFIEC") describes "enterprise-wide, process-oriented approaches" for the design of technology within a business structure, implementation of IT infrastructure and delivery of services for customers. The booklet titled "Architecture, Infrastructure, and Operations" ("AIO") replaces the July 2004 "Operations" booklet and reflects the changing technological environment and increasing need for IT security.
The booklet discusses, among other things, (i) processes for addressing an entity's risk profile, (ii) principles that examiners should use when evaluating the delivery of financial products and services, (iii) management oversight of AIO, and (iv) practices for IT and operations related to safety and soundness, and consumer financial protection.
Primary Sources
- FFIEC Information Technology Examination Handbook: "Architecture, Infrastructure, and Operations"
- CFPB Press Release: Financial Regulators Update Examiner Guidance on Financial Institutions' Information Technology Architecture, Infrastructure, and Operations
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.