An official website of the United States government
OCC Bulletin 2014-14
April 3, 2014
Share This Page:
Chief Executive Officers of All National Banks, Federal Branches and Agencies, Federal Savings Associations, Technology Service Providers, Department and Division Heads, All Examining Personnel, and Other Interested Parties
The members of the Federal Financial Institutions Examination Council (FFIEC)1 have issued the attached joint statement to notify financial institutions of the risks associated with the continued distributed denial-of-service (DDoS) attacks and the steps that institutions are expected to take to address these attacks. The joint statement refers institutions to resources to help them mitigate the risks posed by such attacks.
The members of the FFIEC expect financial institutions to address DDoS readiness as part of their ongoing information security and incident response plans. Each institution is expected to
Community banks should ensure that their in-house information technology units or their service providers are taking appropriate action to mitigate this risk.
Questions regarding the FFIEC statement should be directed to the Office of the Comptroller of the Currency’s Bank Information Technology Division at (202) 649-6340.
Carolyn G. DuChene
Deputy Comptroller for Operational Risk
1 The FFIEC members include the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, the State Liaison Committee, and the Consumer Financial Protection Bureau.,/p>