Each depositor insured to at least $250,000 per insured bank



Home > News & Events > Financial Institution Letters




Financial Institution Letters

Computer Virus Protection

FIL-62-2004
June 7, 2004


TO: CHIEF EXECUTIVE OFFICER (also of interest to Chief Information Officer)
SUBJECT: Guidance on Developing an Effective Computer Virus Protection Program
Summary: The FDIC is issuing guidance to financial institutions about the importance of maintaining an effective computer virus protection program. The guidance provides information on the risks associated with computer viruses and how these risks can be mitigated.

The Federal Deposit Insurance Corporation (FDIC) has prepared the attached guidance to assist financial institutions in developing an effective computer virus protection program in order to mitigate the risks associated with computer viruses and other types of malicious software codes. Financial institutions rely on the Internet to conduct business transactions and to communicate with customers, vendors and other business partners. Commonly used electronic mail applications are susceptible to computer viruses that may be embedded in e-mails and e-mail file attachments. Therefore, it is important that management understand the risks of computer viruses and take appropriate action to protect computer systems.

Customer information security guidelines require periodic risk assessments and status reports be provided to the Board of Directors. The effectiveness of the institutionís computer virus protection program should be addressed in these periodic assessments and reports. Any control weaknesses should be identified and addressed during the normal course of business.

This guidance is designed to complement the FFIEC Information Security IT Examination Handbook, issued December 2002, and to supplement Financial Institution Letter 68-99, ďRisk Assessment Tools and Practices for Information System Security.Ē

For more information about computer virus protection programs, please contact your FDIC Division of Supervision and Consumer Protection Regional Office or Kathryn M. Weatherby, Examination Specialist, at (202) 898-6793.

For your reference, FDIC Financial Institution Letters may be accessed from the FDICís Web site at http://www.fdic.gov/news/news/financial/2004/index.html.

Michael J. Zamorski
Director
Division of Supervision and Consumer Protection

# # #

Attachment: Guidance on Developing an Effective Computer Virus Protection Program

Distribution: FDIC-Supervised Banks (Commercial and Savings)

NOTE: Paper copies of FDIC financial institution letters may be obtained through the FDICís Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (1-877-275-3342 or (703) 562-2200).




Last Updated 06/07/2004 communications@fdic.gov