The US Federal Deposit Insurance Corporation is overhauling its procedures for assessing bank information technology risk in response to a perceived shift away from mainframe-oriented computer processing environments by financial services companies.
The FDIC says it is altering its IT risk assessment programme to cater for the increasing reliance by banks on newer technologies, such as networks, the Internet and enterprise-wide processing. The revised programme incorporates a new philosophy for categorising institutions' use of technology and their consequential exposure to technology risk, along with updated and more risk-focused IT examination procedures.
The FDIC says it will discontinue using terms such as "serviced," "turnkey" and "remote job entry" to describe an institution's level of technology risk.
"These terms no longer accurately reflect the true technology profile of an institution," notes the agency. "Going forward, an institution's technology risk profile will be determined based on a review of core processing systems, internal networks, electronic banking products, connectivity to external networks, the location of sensitive information, and other technology components."
The regulator says the emphasis on technology complexity will allow examiners to focus examination efforts on areas of high risk, while reducing resources at targeted, lower risk institutions.