ELECTRONIC BANKING, AUDIT, AND FEDLINE GUIDANCE
RELEASED BY FEDERAL FINANCIAL REGULATORS

The Federal Financial Institutions Examination Council (FFIEC) today issued revised guidance for examiners, financial institutions, and technology service providers on electronic banking (e-banking), information technology (IT) audit, and the FedLine electronic funds transfer application. The guidance is contained in three booklets.

The E-Banking Booklet provides guidance on risks and risk management practices applicable to a financial institution's e-banking activities.

E-banking has created new opportunities for delivering traditional products and services to customers, as well as the potential to offer new products and services. With these opportunities come new challenges, including 24-hour, seven-day-a-week availability; Internet connectivity; increased access to systems and customer information; greater reliance on new service providers; and evolving regulations. These challenges potentially increase threats to the institution's reputation, confidentiality of information, system and data integrity, system availability, and regulatory compliance. E-banking activities require careful planning, coordinated strategies between IT and business units, integrated subject matter expertise, strong controls, and ongoing monitoring and testing. This booklet includes guidance and examination procedures to evaluate the quality of risk management related to these threats and activities in financial institutions and technology service providers.

The Audit Booklet provides guidance on the risk-based IT audit practices of financial institutions and technology service providers.

This booklet builds on the agencies' existing audit guidance and emphasizes the responsibilities of all levels of management, including the board of directors, for establishing a sound audit program. The booklet incorporates changes to the audit process brought about by new legislation enacted since 1996, including the Gramm-Leach-Bliley Act of 1999 and the Sarbanes-Oxley Act of 2002.

The FedLine Booklet provides guidance on the appropriate control considerations for financial institutions using the Federal Reserve's FedLine application.

FedLine provides community financial institutions with access to the Federal Reserve's Fedwire services to receive and send payment messages. To protect their access to this payment system, institutions must ensure its security and availability. The booklet describes policies and procedures necessary to operate FedLine in a safe and sound manner with detailed guidance on physical security, system configuration, and system parameter settings.

The booklets represent the latest in a series of updates to the 1996 FFIEC Information Systems Examination Handbook (Handbook). The FFIEC is updating the Handbook to address significant changes in technology since 1996 and to incorporate a risk-based examination approach. The updates are being issued in separate booklets that will ultimately replace all chapters of the Handbook and comprise the new FFIEC Information Technology Examination Handbook. Future booklets will address retail and wholesale payment systems, outsourcing technology services, management, computer operations, and systems development and acquisition.

The booklets are being distributed electronically and are available at www.ffiec.gov/guides.htm.

Media Contacts:

OTS Chris Smith 202-906-6677
FRB Susan Stawick 202-452-3128
FDIC David Barr 202-898-6992
OCC Dean DeBuck 202-874-4876
NCUA Cherie Umbel 703-518-6337