skip to main navigation skip to secondary navigation skip to content
Board of Governors of the Federal Reserve System
skip to content
Board of Governors of the Federal Reserve System

Supervisory Policy and Guidance Topics

Information Technology Examination Guidance

The use of information technology (IT) can have important implications for a banking organization’s financial condition, risk profile, and operating performance and should be incorporated into the safety-and-soundness assessment of each organization. The framework for the Federal Reserve’s supervisory strategy with regard to IT is provided in SR 98-9, "Assessment of Information Technology in the Risk-Focused Frameworks for the Supervision of Community Banks and Large Complex Banking Organizations."

Much of the guidance on this page assists examiners in completing the Uniform Rating System for Information Technology (URSIT) ratings. The URSIT is an interagency examination rating system adopted by the Federal Financial Institutions Examination Council (FFIEC) agencies to evaluate the IT activities of financial institutions. The URSIT rating framework is based on a risk evaluation of four general areas: audit, management, development and acquisition, and support and delivery. These components are used to assess the overall IT functions within an organization and arrive at a composite URSIT rating.

Sections on this page:
 

Policy Letters

Information Technology Examination Guidance

SR 12-14
Revised Guidance on Supervision of Technology Service Providers
SR 11-9
Interagency Supplement to Authentication in an Internet Banking Environment
SR 10-3
FFIEC Retail Payment Systems Booklet
SR 09-2
FFIEC Guidance Addressing Risk Management of Remote Deposit Capture Activities
SR 05-22
Revised Training Program for Information Technology Examiners
SR 04-20
FFIEC Information Technology Examination Handbook
SR 00-3 (SUP)
Information Technology Examination Frequency
SR 99-17 (SUP)
Supervisory Ratings for State Member Banks, Bank Holding Companies and Foreign Banking Organizations, and Related Requirements for the National Examination Data System
SR 99-8 (SUP)
Uniform Rating System for Information Technology
SR 98-9 (SUP)
Assessment of Information Technology in the Risk-Focused Frameworks for the Supervision of Community Banks and Large Complex Banking Organizations
SR 95-49 (SUP)
Addition to the "Report on the Target Inspections of Management Information Systems"
SR 95-45 (SUP)
Inspections of Management Information Systems
 

Additional Resources

 

Manual References

Last update: January 23, 2013