Federal Financial Institutions Examination Council (FFIEC)

What is FFIEC?

The Federal Financial Institutions Examination Council (FFIEC) regulations define the uniform principles, standards, and report forms for the federal examination of financial institutions Financial institutions that are regulated by the Federal Reserve System, the FDIC, the National Credit Union Administration, the Office of the Comptroller of the Currency and the Office of Thrift Supervision. They are designed to, as much as possible, mitigate the risks associated with system disruptions which may be caused by a range of incidents such as natural disasters, cyberattack, or other security breach which would affect the information security of both the institution and its customers.

What does FFIEC compliance look like?

The FFIEC has created a set of IT Handbooks which are designed to help institutions and their third-party service providers achieve compliance to its examination standards by providing control and specific audit guidance on a wide range of risk relevant matters. The handbooks address risk-based IT audit practices, information security risks and controls, business continuity planning, e-banking challenges and risks, development, acquisition, and maintenance project risks and techniques, IT risk management, operations risk management, the risks associated with and the supervision and examination of services performed by technology service providers , and retail and wholesale payment systems risks. Financial institutions that are subject to the examination standards of the FFIEC must ensure controls are in place in line with these handbooks in order to maintain compliance.

How can Pointe Solutions help you with your FFIEC audit?

FFIEC audits are of course carried out by the regulatory agencies, and so the Pointe Solutions team, rather than carrying out the audit, instead can act as support and guide throughout the creation, implementation and documentation of the control framework, policies and procedures which will help to significantly reduce to risk of being found non-compliant in the event of an audit. Furthermore, in the event of an audit, we can help to support our clients throughout, taking much of the strain off management by already having produced and maintained the kind of documentation and evidence often required. It doesn’t matter whether you already have a full framework in place and are looking for an evaluation and gap analysis, or if you are a smaller entity just starting on the road to compliance- we can help.