Financial Institution Letter FIL-47- 2021 dated June 30, 2021, announces that the Federal Financial Institutions Examination Council (FFIEC) issued the Architecture, Infrastructure, and Operations (AIO) booklet, which is part of the FFIEC Information Technology Examination Handbook.
- The AIO booklet outlines principles and practices for managing architecture, infrastructure, and operations. This booklet describes principles and practices that examiners review to assess an entity’s AIO functions to determine whether management adequately addresses risks related to AIO and delivery of critical financial products and services.
- This booklet focuses on enterprise-wide, process-oriented approaches that relate to the design of technology within the overall enterprise and business structure, implementation of information technology (IT) infrastructure components, and delivery of services and value for customers.
- The booklet also contains updated procedures to help examiners evaluate the adequacy of an entity’s programs related to AIO. The booklet focuses on assessing an entity’s governance of common AIO-related risks, enterprise-wide IT architectural planning and design, implementation of virtual and physical infrastructure, and on assessing an entity’s related operational controls. Additionally discussed are, emerging technologies, such as cloud computing, micro-services, artificial intelligence, machine learning, zero trust architecture, and the Internet-of-Things.
- The change in the title of the booklet from Operations to Architecture, Infrastructure, and Operations reflects the expanded role IT plays in supporting enterprise and business operations and meeting internal and external customer expectations.
The booklet issuance does not impose new requirements on financial institutions but provides insight on examination methodology.
Financial Institution Letter FIL-45-2021 dated June 27, 2021, announces that the Federal Financial Institutions Examination Council (FFIEC) is updating sections and related examination procedures in the FFIEC Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual.
- Financial institutions should not interpret the updates as new instructions or an increased focus on certain areas; instead, the updates are intended to offer further transparency into the examination process and support risk-focused examination work.
- Updated Manual sections include: (1) Purchase and Sale of Monetary Instruments Recordkeeping; (2) Special Measures; (3) Reports of Foreign Financial Accounts; and (4) International Transportation of Currency or Monetary Instruments Reporting.
Both of these manual updates provide excellent insight into the examination process and are an excellent resource for financial institutions.