A Look Inside the New FFIEC Information Technology Examination Handbook
The Architecture, Infrastructure, and Operations Booklet is one in a series of booklets that compose the Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination Handbook (IT Handbook), prepared for use by examiners.
As described at the FFIEC website:
With the publication of this booklet, the FFIEC member agencies replace the “Operations” booklet issued in July 2004. The title change reflects the overall importance of an entity’s architecture, infrastructure, and operations (AIO). For IT Handbook purposes, the term “entities” includes depository financial institutions, nonbank financial institutions, bank holding companies, and third-party service provider.
The booklet describes principles and practices that examiners review to assess an entity’s Architecture, Infrastructure, and Operations (AIO) functions, deftly discussing enterprise-wide, process-oriented approaches relating to technology design within the overall business structure, implementation of IT infrastructure components, and delivery of services and value for customers. It is one of the top resources in the industry which help these entities stay in compliance!
In addition, it covers the following:
- Principles and practices for IT and operations as they relate to safety and soundness, consumer financial protection, and compliance with applicable laws and regulations.
- Processes for addressing risk related to the design and implementation of IT systems.
- Principles to help examiners evaluate the delivery of financial products and services.
- Management oversight of AIO and its related components, including governance; common risk management topics; specific activities of AIO; and evolving technologies that examiners may encounter during their reviews.
Strategic Considerations for Artificial Intelligence
As the banking industry continues its journey down the path of leveraging Artificial Intelligence technologies, the handbook provides important details for FI's to consider.
First, it is increasingly important for financial institutions to not only integrate the software, but also acquire and maintain the right hardware -- GPUs. The handbook makes it clear in section V.C.1 Internally and Externally Developed Software that "Management should allocate resources to support the software (e.g., costs to maintain the software or support personnel), and personnel should have the expertise needed to maintain and patch the software."
Another consideration for FI's is the deployment of AI via the cloud. The handbook outlines three specific cloud deployments: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).
Management may choose to leverage the cloud in different ways. Some entities outsource certain applications or processes, such as storage or data backup to the cloud (as part of SaaS). Others may choose to develop their own applications; these entities, however, rely on the cloud service provider to provide and maintain the OS (as part of PaaS). Still others may choose to outsource only the physical hardware to cloud service providers, while maintaining the OS and applications themselves (as part of IaaS).
These factors are important for OrboGraph's OrbNet AI and OrbNet Forensic AI. As we continue to integrate directly with FI's and into our partners' platforms, the above are important considerations before and during the integration process. Ensuring that our clients and partners are prepared with both the knowledge and resources needed to integrate and maintain the hardware ensures that they will leverage the technology to its full potential.