Best practices for requesting examination information from banks, credit unions, and other federally supervised financial institutions, and a common authentication solution for secure access to the regulators’ supervision systems, were issued Friday by the umbrella group for the regulators.
The Federal Financial Institutions Examination Council (FFIEC), which includes the federal banking and credit union regulators, the Consumer Financial Protection Bureau, and state regulators (through the exam council’s State Liaison Committee), said the statement announcing the best practices and authentication solution “presents the results of the final phase of the Examination Modernization Project in which FFIEC members addressed the feedback provided by supervised entities regarding examination requests and authentication requirements for FFIEC members’ supervision systems.”
Principles for examination information requests, according to the exam council, include:
- Information requests should be risk-focused and relevant to the examination.
- Supervised institutions should be given sufficient time to produce new or additional requested information.
- Examiners should coordinate information requests among the examination team to avoid duplicative and/or redundant requests.
- Information requests should be made through the supervised institution’s designated regulatory examination point of contact, if applicable, to avoid placing burden on other institution staff.
- Information requests and supplemental information requests should be clearly articulated in writing.
Regarding the authentication solution, the statement asserted that a common approach will allow supervised institutions and the exam council’s member agencies to securely authenticate to supervision systems, while eliminating the need for multiple credentials to access regulator systems.
However, each regulator is given the flexibility to deploy the authentication solution as it deems fit, the statement indicated.
“The agreed-upon transition strategy provides each FFIEC agency the flexibility to implement common authentication as needed, at its own planned pace and as resources become available,” the exam council said. “As FFIEC members continue to align their technological capabilities where permissible and possible, additional opportunities for burden reduction will be evaluated.”