Interagency Supervisory Statement on Risk Management of Client/Server Systems
October 30, 1996
Circular No. 10885

To the Chief Executive Officers of All State Member Banks, Bank Holding Companies, Edge and Agreement Corporations, and State-Chartered Branches and Agencies of Foreign Banks, in the Second Federal Reserve District

The attached Interagency supervisory statement on Risk Management of Client/Server Systems, issued by the Federal Financial Institutions Examination Council (FFIEC), addresses risk and control issues associated with this dynamic area of information systems technology. The statement alerts the boards of directors and senior management of financial institutions to appraise risks and encourages the development and implementation of sound policies, practices, procedures, and controls regarding client/server computing environments. In addition, tables are included illustrating some of the risks and controls associated with client/server computing.

The existence of policies, practices, or procedures on this matter, and the management and supervision of client/server activities, will be evaluated by examiners during regular supervisory reviews of the institution.

Questions concerning this circular should be directed to Thomas W. Wines, Examining Officer.