FDIC Information Technology Risk Examination (InTREx) Program Information

FDIC Information Technology Risk Examination (InTREx) Program Information

The Federal Deposit Insurance Corporation (FDIC) has instituted the InTREx program for all financial institutions under $1 Billion dollars in assets.  The program went into affect in July 2016 after almost a year of development, for conducting information technology and operations risk examinations of FDIC-supervised financial institutions.

Banks will now receive ratings in various areas of risk that will then be combined for an overall composite IT rating.  90 days before the FDIC examination the bank will receive the InTREx questionnaire/survey to be completed.  Prior to the FDIC coming onsite to perform their examination they will request any additional documents or information.

The focus of InTREx questionnaire and process is:

  • Cybersecurity
  • Emerging risks and technologies
  • Previous bank risk management efforts

The document is broken down into two separate sections.  There is an Information Technology Program (ITP) and Core Modules sections.  The ITP section is categorized as follows:

  • Core Processing (4 questions)
  • Network (6 questions)
  • Online Banking (4 questions)
  • Development/Programming (1 question)
  • Software and Services (2 questions)
  • Other (9 questions)

The InTREx Core Modules cover the following areas:

  • Audit
  • Management
  • Development and Acquisition
  • Support and Delivery
  • Information security standards
  • Cybersecurity
  • Management

This new process will give auditors more freedom to expand their examination processes in order to focus on high-risk areas.

Financial institutions should do the following to be prepared for InTREx:

  • Review and understand the InTREx program.
  • Have IT departments complete the InTREx pre-exam Information Technology Profile questionnaire.
  • Gather the latest IT internal audit reports, ratings, and management remediation and action plans.

We have included a link to the FDIC FIL-43-2016 document (click here) as well as the actual InTREx form (click here) for easy downloading.

If you have any questions or need assistance in preparing these documents give us a call.