Each depositor insured to at least $250,000 per insured bank



Home > News & Events > Financial Institution Letters




Financial Institution Letters

Guidance on Instant Messaging

FIL-84-2004
July 21, 2004


TO: CHIEF EXECUTIVE OFFICER (also of interest to Chief Information Officer)
SUBJECT: Guidance on the Risks Associated With Instant Messaging
Summary: The FDIC is providing guidance to financial institutions on the risks associated with publicly available instant messaging and network file-sharing. This guidance includes background information on the risks and how they can be mitigated through an effective management program.

The Federal Deposit Insurance Corporation (FDIC) has prepared the attached guidance to assist financial institutions in protecting themselves against the vulnerabilities of instant messaging (IM) and establishing policies and procedures concerning its usage.

Instant messaging has become a popular communication channel because it facilitates real-time communication from any computer connected to the Internet by either connecting to a Web browser or by downloading free IM software. Newer versions also permit users to share files in addition to messaging. IM technology is used by financial institution employees at the workplace both officially, as approved by senior management, and unofficially, where users access IM directly from the Internet. IM access may expose financial institutions to security, privacy, and legal liability risks. Institutions should assess the risks and the business needs for IM and establish policies to allow, restrict or deny IM usage based on these risk assessments and business needs.

Customer information security guidelines require that periodic risk assessments and status reports be submitted to the board of directors. These periodic assessments and reports should include the institutionís position on IM. Any control weaknesses should be identified and addressed during the normal course of business.

For more information, please contact your FDIC Division of Supervision and Consumer Protection (DSC) Regional Office or Kathryn M. Weatherby, Examination Specialist in DSC, at (202)-898-6793.

For your reference, FDIC Financial Institution Letters may be accessed from the FDICís Web site at http://www.fdic.gov/news/news/financial/2004/index.html

Michael J. Zamorski

Director

Division of Supervision and Consumer Protection

# # #

Attachment

Distribution: FDIC-Supervised Banks (Commercial and Savings)

NOTE: Paper copies of FDIC financial institution letters may be obtained through the FDICís Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (1-877-275-3342 or (703) 562-2200).




Last Updated 07/21/2004 communications@fdic.gov