Appendix I: Laws, Regulations, and Guidance

Sources


Federal Financial Institutions Examination Council

Resource TitleTypeDate
FFIEC: Lessons Learned from Hurricane Katrina: Preparing Your Institution for a Catastrophic EventGuidanceJune 2006

Federal Deposit Insurance Corporation

Resource TitleTypeDate
12 CFR Part 364: Interagency Guidelines Establishing Standards for Safety and Soundness, Appendix ARegulationN/A
12 CFR Part 364: Interagency Guidelines Establishing Information Security Standards, Appendix BRegulationN/A
FIL-6-2008: Interagency Statement on Pandemic PlanningGuidanceFebruary 6, 2008
FIL-25-2006: Influenza Pandemic Preparedness Interagency Advisory GuidanceMarch 15, 2006
FIL-84-2002: Interim Sponsorship Policy for Government Emergency Telecommunications Service (GETS) CardsGuidanceAugust , 2002
FIL-68-2001: 501(b) Examination GuidanceGuidanceAugust 24, 2001
FIL-81-2000: Risk Management of Technology OutsourcingGuidanceNovember 29, 2000

Federal Reserve Board

Resource TitleTypeDate
12 CFR Part 208: Interagency Guidelines Establishing Standards for Safety and Soundness, Appendix D-1RegulationN/A
12 CFR Part 208: Interagency Guidelines Establishing Information Security Standards (State Member Banks), Appendix D-2RegulationN/A
SR Letter 07-18: FFIEC Guidance on Pandemic PlanningGuidanceDecember 12, 2007
SR Letter 06-5: Influenza Pandemic PreparednessGuidanceMarch 15, 2006
SR Letter 06-3: Interagency Supervisory Guidance for Institutions Affected by Hurricane KatrinaGuidanceFebruary 3, 2006
SR Letter 05-24: Interagency Questions and Answers for Financial Institutions in Response to Hurricanes Katrina and RitaGuidanceDecember 2, 2005
SR Letter 05-17: Katrina Related Marketing Practices Invoking the Name of the Federal ReserveGuidanceSeptember 22, 2005
SR Letter 05-16: Supervisory Practices Regarding Banking Organizations and Consumers Affected by Hurricane KatrinaGuidanceSeptember 15, 2005

National Credit Union Administration

Resource TitleTypeDate
12 CFR Part 748: Guidelines for Safeguarding Member Information, Appendix ARegulationN/A
12 CFR Part 749: Record Preservation Program and Record Retention, Appendix A and BRegulationN/A
NCUA Letter to Credit Unions 08-CU-01: Guidance on PandemicGuidanceJanuary 2008
NCUA Risk Alert 06-Risk-01: Disaster Planning and ResponseGuidanceApril 2006
NCUA Letter to Credit Unions 06-CU-06: Influenza Pandemic PreparednessGuidanceMarch 2006
NCUA Letter to Credit Unions 02-CU-17: e-Commerce Guide for Credit UnionsGuidanceDecember 2002
NCUA Letter to Credit Unions 01-CU-21: Disaster Recovery and Business Resumption Contingency PlansGuidanceDecember 2001
NCUA Letter to Credit Unions 98-CU-12: Business Resumption Contingency PlanningGuidanceJune 1998

Office of the Comptroller of the Currency

Resource TitleTypeDate
12 CFR Part 5.30: Establishment, Acquisition, and Relocation of a BranchRegulationN/A
12 CFR Part 30: Guidelines Establishing Standards for Safety and Soundness, Appendix ARegulationN/A
12 CFR Part 30: Interagency Guidelines Establishing Information Security Standards, Appendix BRegulationN/A
OCC Bulletin 2007-49: Pandemic Planning: Interagency GuidanceGuidanceDecember 18, 2007
OCC Bulletin 2006-26: Disaster Planning - Hurricane Katrina: Lessons LearnedGuidanceJune 15, 2006
OCC Bulletin 2006-12: Influenza Pandemic Preparedness [Interagency] GuidanceMarch 5, 2006
OCC Bulletin 2006-6: Community Reinvestment Act: Hurricanes Katrina and RitaGuidanceFebruary 9, 2006
OCC Bulletin 2005-36 [Interagency]: Statement and Order: Hurricanes Katrina and RitaGuidanceOctober 4, 2005
OCC Bulletin 2003-14: Interagency White Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial SystemGuidanceApril 8, 2003
OCC Bulletin 2002-33: GETSGuidanceJuly 23, 2002
OCC Bulletin 98-3: Technology Risk ManagementGuidanceFebruary 4, 1998

Office of Thrift Supervision

Resource TitleTypeDate
12 CFR Part 570: Interagency Guidelines Establishing Standards for Safety and Soundness, Appendix ARegulationN/A
12 CFR Part 570: Interagency Guidelines Establishing Information Security Standards, Appendix BRegulationN/A
PR 07-089: Interagency Statement on Pandemic PlanningGuidanceDecember 12, 2007
CEO Ltr 239: Hurricane Katrina: Industry Lessons LearnedGuidanceJune 15, 2006
CEO Ltr 237: Interagency Advisory on Influenza Pandemic PreparednessGuidanceMarch 15, 2006
CEO Ltr 234: Interagency Supervisory Guidance for Institutions Affected by Hurricane KatrinaGuidanceFebruary 3, 2006
CEO Ltr 165: Financial Banking Infrastructure Information Committee (FBIIC) Interim GETS Sponsorship PolicyGuidanceJuly 26, 2002

External Resources

* Non-regulatory Resources and are provided to assist in your research and continuing professional education. They are not endorsed, certified, or approved by the FFIEC or its member agencies.

Resource TitleTypeDate
The Joint Forum, High-level Principals for Business Continuity (Basel)PrintAugust 2006
Pandemic Influenza - Preparedness, Response, and Recovery Guide for Critical Infrastructure and Key Resources (DHS)PrintJune 2006
Statement on Preparations for "Avian Flu" (FSSCC and DHS)PrintJanuary 2006
Business Pandemic Influenza Planning Checklist (HHS and CDC)PrintDecember 2005
National Strategy for Pandemic Influenza (Homeland Security Council)PrintNovember 2005
Best Practices to Assure Telecommunications Continuity for Financial Institutions and the Payment and Settlement Utilities: Report by the Assuring Telecommunications Continuity Task Force (FRB New York)PrintSeptember 2004
The President's National Security Telecommunications Advisory Committee: Financial Services Task Report (NSTAC)PrintApril 2004
Contingency Planning Guide for Information Technology Systems, NIST SP 800-34 (NIST)PrintJune 2002

 

Previous Section
Appendix H: Testing Program - Governance and Attributes
Next Section
Appendix J: Strengthening the Resilience of Outsourced Technology Services