Financial Regulators Update Examiner Guidance on Financial Institutions’ Information Technology Development, Acquisition, and Maintenance

The Federal Financial Institutions Examination Council (FFIEC) today issued a new booklet to help examiners assess information technology practices.

The “Development, Acquisition, and Maintenance” booklet provides examiners with fundamental examination expectations regarding entities’ development and acquisition planning and execution, governance and risk management, and maintenance and change management practices. It discusses the interconnectedness of an entity’s assets and processes and those of its third-party service providers along with information to help examiners assess whether management adequately addresses risks and complies with applicable laws and regulations.

The booklet reflects the changing technological environment and increasing need for security and resilience. It also highlights the importance of providing examiners with current information regarding safety and soundness, consumer protection, and provision of secure and resilient business services to customers. This new booklet replaces the “Development and Acquisition” booklet issued in April 2004.

The complete FFIEC Information Technology Examination Handbook is available at https://ithandbook.ffiec.gov/.