Information Technology Supervision
I want to know about...
- Reporting cybersecurity breaches
- Requesting service-provider examination reports
- IT regulations
- IT supervision and regulation letters
- IT guidance
- IT frequently asked questions
- IT outreach information
- Who to contact about IT examinations
Reporting cybersecurity breaches
Given the heightened cyber threat environment, we would like to remind you of our expectations for effective computer security incident response and reporting, in the event your bank experiences a cybersecurity breach.
For incidents reportable under both SR 22-4 Contact Information in Relation to Computer-Security Incident Notification Requirements and SR 05-23 Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice, following the SR 22-4 process will also fulfill SR 05-23 requirements.
To report an SR 22-4—Computer-Security Incident:
- Email the Federal Reserve System incident mailbox at incident@frb.gov or contact the Incident Notification Line at 866-364-0096, and
- Notify your Central Point of Contact.
To report an SR 05-23—Sensitive Customer Data Incident:
- Email the Dallas BS&R Incident mailbox at BSR.Incident.Report@dal.frb.org
- Contact an IT director of examinations:
- Jason Anthony, jason.anthony@dal.frb.org / 214.922.6982
- Drew Wilson, drew.wilson@dal.frb.org / 214.922.6252
For more information, see Cybersecurity IT Incident Response and Reporting
Requesting service-provider examination reports
The Federal Banking Agencies distribute Reports of Examination (ROE) resulting from its supervision of Technology Service Providers to regulated financial institutions that are either included in the customer list or can demonstrate they had an active contract at the time of the examination.
Please direct requests for service-provider examination reports to:
- Drew Wilson, IT Director of Examinations (primary)
- Jason Anthony, IT Director of Examinations (backup)
IT regulations
- Regulation H – Interagency Guidelines Establishing Information Security Standards
- Regulation V – Subpart J – Identity Theft Red Flags
- Regulation II (Debit Card Interchange Fees and Routing) – Compliance Guide
- All Regulations
- Also see IT Frequently Asked Questions section below for more information
IT supervision and regulation letters
- IT Supervisory Policy and Guidance Topics
- Supervision and Regulation (SR) Letters – SR letters, address significant policy and procedural matters related to the Federal Reserve System’s supervisory responsibilities
- Cybersecurity
- Incident response
- SR 22-4—Contact Information in Relation to Computer-Security Incident Notification Requirements
- Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers
- SR 05-23 – Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice
- Quick Reference Guide – Cybersecurity Incident Response
IT guidance
The Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination Handbook (IT Handbook) provides guidance to examiners and financial institutions on the characteristics of an effective information technology (IT) program.
Details can be found at the following:
IT frequently asked questions
IT outreach information
Who to contact about IT examinations
- Drew Wilson, IT Director of Examinations, 214-922-6252
- Jason Anthony IT Director of Examinations, 214-922-6982