Handbooks |
Handbooks provide guidance to national banks, service providers, software vendors and bank examiners on procedures for supervising banking activities.
|
Published Booklets
|
|
- Audit (August 2003)
- Business Continuity Planning (March 2008)
- Development and Acquisition (April 2004)
- Electronic Banking (August 2003)
- FedLine (August 2003)
- Information Security (July 2006)
- Management (June 2004)
- Operations (July 2004)
- Outsourcing Technology Services (June 2004)
- Retail Payments (March 2004)
- Supervision of Technology Service Providers (March 2003)
- Wholesale Payments (July 2004)
| |
- Bank Supervision Process
- Large Bank Supervision
- Community Bank Supervision
- Comptroller's Licensing Manual, Charters
|
|
Current OCC Regulation |
The OCC has issued the following regulation regarding electronic banking activities by national banks. The final rule, published in May 2002, establishes a new subpart 7 of OCC regulations that addresses the authority of national banks to conduct activities by electronic means and codifies many of the OCC's prior interpretations on electronic banking found on this website. |
5/16/2002 OCC Issues Final Rule on Electronic Banking |
Release 2002-44 |
WORD ASCII |
Final Rule on Electronic Banking |
PDF |
|
OCC Issuances |
These issuances provide information to banks and examiners on areas of continuing concern and advise bankers and bank directors about activities and situations that could affect the safe and sound management of their banks. |
OCC Bulletins |
Links |
05/08/2008 Information Security: Application Security |
Bulletin 2008-16
|
HTML |
03/19/2008 FFIEC Information Technology Examination Handbook: Business Continuity Planning Booklet |
Bulletin 2008-6
FFIEC press release:
Business Continuity Planning Booklet: |
HTML
HTML
HTML |
12/18/2007 Pandemic Planning: Interagency Guidance |
Bulletin 2007-49 |
HTML PDF HTML |
11/14/2007 Identity Theft Red Flags and Address Discrepancies |
Bulletin 2007-45 |
HTML PDF |
02/16/2007 Daylight Savings Time Change: Risk Management Guidance |
Bulletin 2007-9
|
HTML |
09/01/2006 Automated Clearing House Activities: Risk Management Guidance |
Bulletin 2006-39 |
PDF ASCII |
08/15/2006 Authentication in an Internet Banking Environment: Frequently Asked Questions |
Bulletin 2006-35 |
WORD ASCII |
07/27/2006 Identity Theft Red Flags and Address Discrepancies |
Bulletin 2006-32 |
WORD ASCII |
07/27/2006 FFIEC Information Security Booklet |
Bulletin 2006-31 |
WORD ASCII |
06/15/2006 Disaster Planning: Hurricane Katrina: Lessons Learned |
Bulletin 2006-26
Booklet: |
WORD ASCII
HTML |
03/30/2006 Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM) |
Bulletin 2006-14
Examination Procedures:
Worksheet: Examination Procedures: |
WORD ASCII
PDF
PDF
|
03/15/2006 Influenza Pandemic Preparedness: Interagency Advisory |
Bulletin 2006-12 |
WORD ASCII |
12/14/2005 Small Entity Compliance Guide: Information Security |
Bulletin 2005-44
Guide: |
WORD ASCII
PDF |
10/12/2005 Authentication in an Internet Banking Environment |
Bulletin 2005-35 |
WORD ASCII |
7/01/2005 Threats from Fraudulent Bank Web Sites: Risk Mitigation and Response Guidance for Web Site Spoofing Incidents |
Bulletin 2005-24 |
PDF ASCII |
4/14/2005 Response Programs for Unauthorized Access to Customer Information and Customer Notice: Final Guidance |
Bulletin 2005-13 |
WORD ASCII |
1/12/2005 Proper Disposal of Consumer Information: Final Rule
|
Bulletin 2005-1
Final Rule:
|
WORD ASCII
PDF
|
12/20/2004 Automated Clearing House, NACHA Rule Changes |
Bulletin 2004-58 |
WORD ASCII |
10/27/2004 FFIEC Guidance: Risk Management for the Use of Free and Open Source Software |
Bulletin 2004-47 |
PDF ASCII |
Guidance |
HTML |
10/02/2003 FFIEC Information Technology Examination Handbook: E-Banking, Audit, and FedLine Booklets |
Bulletin 2003-41 |
WORD ASCII |
05/21/2003 FFIEC Information Technology Examination Handbook: Business Continuity Planning and Supervision of Technology Service Providers Booklets |
Bulletin 2003-18 |
WORD ASCII |
04/23/2003 Weblinking: Interagency Guidance on Weblinking Activity |
Bulletin 2003-15 |
WORD ASCII |
Interagency Guidance |
PDF |
04/08/2003 Interagency Paper On Sound Practices To Strengthen the Resilience Of The U.S. Financial System |
Bulletin 2003-14 |
WORD ASCII |
Interagency Paper |
PDF |
03/27/2003 Telecommunications Service Priority (TSP) Program: FBIIC Policy on Sponsorship of TSP for Private Sector Entities |
Bulletin 2003-13 |
WORD ASCII |
FBIIC Policy |
HTML |
FRB Sponsorship: Notice |
PDF |
2/05/2003 FFIEC Information Security Booklet: Information Security Guidance |
Bulletin 2003-4 |
PDF ASCII |
07/23/2002 Government Emergency Telecommunications Service |
Bulletin 2002-33 |
PDF ASCII |
05/28/2002 Electronic Banking: Final Rule |
Bulletin 2002-23 |
PDF ASCII |
Electronic Activities: Final Rule |
PDF |
5/15/2002 Bank Use of Foreign-Based Third-Party Service Providers |
Bulletin 2002-16 |
WORD ASCII |
11/1/2001 Third-Party Relationships: Risk Management Principles |
Bulletin 2001-47 |
WORD ASCII |
7/18/2001 Examination Procedures to Evaluate Compliance with the Guidelines to Safeguard Customer Information |
Bulletin 2001-35 |
WORD ASCII |
Examination Procedures |
PDF |
4/27/2001 Uniform Standards for the Electronic Delivery of Disclosures; Regulations M, Z, B, E and DD |
Bulletin 2001-23 |
WORD ASCII |
2/28/2001 Bank-Provided Account Aggregation Services |
Bulletin 2001-12 |
WORD ASCII |
2/15/2001 Guidelines Establishing Standards for Safeguarding Customer Information |
Bulletin 2001-8 |
WORD ASCII |
Final Guidelines |
HTML |
06/22/2000 Privacy of Consumer Financial Information--Final Rule |
Bulletin 2000-21 |
WORD ASCII |
Summary |
WORD ASCII |
Final Rule |
ASCII |
06/19/2000 Suspicious Activity Report |
Bulletin 2000-19 |
WORD ASCII |
SAR Form and Guidance (FinCEN) |
HTML
|
05/15/2000 Infrastructure Threats-Intrusion Risks---Message to Bankers and Examiners |
Bulletin 2000-14 |
WORD ASCII |
5/4/99 Certification Authority Systems |
Bulletin 99-20 |
ASCII |
7/30/98 FFIEC Guidance on Electronic Financial Services and Consumer Compliance |
Bulletin 98-31 |
ASCII |
FFIEC Guidance |
PDF |
Compliance Issues Involving Electronic Services |
PDF |
7/9/1998 Accounting for Computer Software Costs |
Bulletin 98-29 |
ASCII |
5/12/98 Branch Names (multiple trade names) |
Bulletin 98-22 |
ASCII |
Interagency Statement (Additional Guidance) |
PDF |
Interpretive Letter No. 881 |
PDF |
2/4/98 Technology Risk Management |
Bulletin 98-3 |
ASCII |
9/10/96 Stored Value Card Systems--Information for Bankers and Examiners |
Bulletin 96-48 |
ASCII |
Alerts |
Links
|
02/16/2007 Daylight Savings Time Change: Risk Management Guidance |
Alert 2007-9 |
HTML |
09/08/2006 Customer Authentication and Internet Banking Alert |
Alert 2006-50 |
HTML ASCII |
09/12/2003 Customer Identity Theft: E-Mail-Related Fraud Threats |
Alert 2003-11 |
WORD ASCII |
06/12/2003 Threat Posed by New Virus (Bugbear.B) |
Alert 2003-9 |
WORD ASCII |
4/24/2001 Network Security Vulnerabilities |
Alert 2001-4 |
WORD ASCII |
07/19/2000 Protecting Internet Addresses of National Banks |
Alert 2000-9 |
WORD ASCII |
2/11/2000 Internet Security: Distributed Denial of Service Attacks |
Alert 2000-1 |
WORD ASCII |
Advisory Letters |
Links |
10/01/2004 Electronic Consumer Disclosures and Notices |
Advisory Letter 2004-11 |
WORD ASCII |
06/21/2004 Electronic Record Keeping |
Advisory Letter 2004-9 |
WORD ASCII |
05/14/2004 Payroll Card Systems |
Advisory Letter 2004-6 |
WORD ASCII |
12/09/2003 Risk Management of Wireless Networks |
Advisory 2003-10 |
WORD ASCII |
5/11/2001 Brokered and Rate-Sensitive Deposits |
Advisory Letter 2001-5 |
WORD ASCII |
Joint Agency Advisory |
PDF |
3/22/2000 Technology Risk Management Lessons from Year 2000 |
Advisory Letter 2000-2 |
WORD ASCII |
FFIEC urges financial institutions not to forget lessons learned from Year 2000 project |
PDF |
Lessons learned from the Year 2000 project |
PDF |
03/29/99 Fair Credit Reporting Act |
Advisory Letter 99-3 |
ASCII |
7/24/91 Social Security Numbers As Personal Identification Numbers |
Advisory Letter 91-4 |
PDF |
Rescinded Issuances |
Date
|
Rescinded By
|
OCC Bulletins
|
OCC 94-8 Electronic Imaging Systems |
January 1994 |
Operations Booklet, FFIEC IT Examination Handbook |
OCC 97-23 FFIEC Interagency Statement on Corporate Business Resumption and Contingency Planning |
May 1997 |
Business Continuity Planning Booklet, FFIEC IT Examination Handbook |
OCC 98-30 Uniform Rating System for IT - Notice & Request for Comment |
July 1998 |
Replaced by OCC 99-3 |
OCC 98-38 Technology Risk Management: PC Banking Guidance for Bankers and Examiners |
August 1998 |
Electronic Banking Booklet, FFIEC IT Examination Handbook |
OCC 99-3 Uniform Rating System for Information Technology -- Message to Bankers and Examiners |
January 1999 |
Incorporated into the "Bank Supervision Process" booklet |
OCC 99-9 Infrastructure Threats from Cyber-Threats |
March 1999 |
Information Security Booklet, FFIEC IT Examination Handbook |
OCC 2001-17 Change in URSIT Usage for Examinations of National Banks |
April 2001 |
Incorporated into the "Bank Supervision Process" booklet |
OCC 2002-2 ACH Transactions Involving the Internet: Guidance and Examination Procedures |
January 2002 |
Replaced by OCC 2006-39 Automated Clearing House Activities: Risk Management Guidance |
OCC 2004-49 Check Clearing for the 21st Century Act (Check 21) and 12 CFR 229 Availability of Funds and Collection of Checks |
November 2004 |
Replaced by the Depository Services booklet, updated September 2006 |
|
|
|
Advisory Letters
|
AL 88-7 LSIS |
November 1988 |
Development and Acquisition Booklet, FFIEC IT Examination Handbook |
AL 88-9 SDLC |
December 1988 |
Development and Acquisition Booklet, FFIEC IT Examination Handbook |
AL 97-9 Reporting Computer Related Crimes |
November 1997 |
OCC 2003-37 Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice |
AL 99-6 Guidance to National Banks and Privacy Statements |
May 1999 |
Information Security Booklet, FFIEC IT Examination Handbook |
AL 2000-12 Risk Management of Outsourcing Technology Sources |
November 2000 |
Outsourcing Technology Services Booklet, FFIEC IT Examination Handbook |
|
|
|
Banking Circulars
|
BC-187 Financial Information on Data Services Processing |
January 1985 |
Outsourcing Technology Services Booklet, FFIEC IT Examination Handbook |
BC-226 End User Computing |
January 1988 |
Business Continuity Planning, Operations, and Information Security Booklets, FFIEC IT Examination Handbook |
BC-229 Information Security |
May 1988 |
Information Security Booklet, FFIEC IT Examination Handbook |
BC-260 EDP Service Contracts |
July 1992 |
Outsourcing Technology Services Booklet, FFIEC IT Examination Handbook |
BC-271 EFT Switches and Network Services |
May 1993 |
Retail Payments Booklet, FFIEC IT Examination Handbook |
|
|
|
Examining Circulars
|
EC-238 |
EC-238 Sup 1 |
Disclosure of Camel Ratings |
Attachment to EC-238 |
EC-159 |
Uniform Financial Institutions Rating System |
Attachment to EC-159 and supplement |