This January 2009 FIL gives guidance and requirements to banks on managing risk for their remote deposit capture systems, vendors, and users.
This June 2008 FIL gives guidance to banks on managing third-party risk (aka vendor management). SBS has released a TRAC module to help banks comply with this guidance.
This February 2008 FIL gives guidance for minimizing a pandemic's potential adverse effects.
In February 2008 the FDIC released a FIL talking about auditing requirements for banks. There are changes to the old auditing practices that you need to make sure are covered in your bank.
FIL-105-2007
The FDIC updated its risk-focused Information Technology (IT) examination procedures for FDIC-supervised financial institutions. As part of the revision, the IT Officer's Questionnaire was enhanced to provide greater coverage of vendor management and outsourcing topics, credit card and ACH (automated clearing house) payment system risks, and an institution's overall information security program.
Go here to download a PDF or Word version of the questionnaire.
The Council is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Office of Thrift Supervision (OTS) and to make recommendations to promote uniformity in the supervision of financial institutions.
Go here to download booklets in Audit, Business Continuity Planning, Development and Acquisition, E-Banking, FedLine, Information Security, Management, Operations, Outsourcing Technology Services, Retail Payment Systems, Supervision of Technology Service Providers, and Wholesale Payment Systems.
Interagency Guidelines Establishing Information Security Standards
Download the Data Encryption Best Practices Kit and get expert views on how protecting data at all points of use ensures the security of individuals' personal information, sensitive corporate data, and intellectual property.