Skip Header

Federal Deposit
Insurance Corporation

Each depositor insured to at least $250,000 per insured bank

Home > News & Events > Financial Institution Letters

Financial Institution Letters

Risk Management of Free and Open Source Software
FFIEC Guidance
October 21, 2004

Summary: The Federal Financial Institutions Examination Council (FFIEC) has issued the attached guidance to help institutions identify and implement appropriate risk-management practices when using "free and open source software" (FOSS).

  • FOSS refers to software that users are allowed to run, study, modify and redistribute without paying a licensing fee. Well-known examples are the Linux operating system, Apache Web server and mySQL database.
  • The use of FOSS is increasing in the mainstream information technology and financial services communities.
  • The federal regulatory agencies believe that using FOSS does not impose risks to institutions that are fundamentally different from risks presented by proprietary or self-developed software. However, acquiring and using FOSS necessitates that institutions implement unique risk-management practices.
  • This guidance supplements the FFIEC IT Examination Handbook's Development and Acquisition Booklet by addressing strategic, operational and legal risk considerations in acquiring and using FOSS.

FDIC-Supervised Banks (Commercial and Savings)

Suggested Routing:
Chief Executive Officer
Chief Technology Officer
Chief Information Officer

Related Topics:
FFIEC IT Examination Handbook, Development and Acquisition Booklet

FFIEC Guidance: "Risk Management of Free and Open Source Software"

Jeffrey M. Kopchik, Senior Policy Analyst, or 202-898-3872.

Printable Format:
FIL-114-2004 – PDF (PDF Help)

For your reference, FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's Web site at

To receive FILs electronically, please visit

Paper copies of FDIC FILs may be obtained through the FDIC's Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (1-877-275-3342 or (703) 562-2200).

Last Updated 10/21/2004

Skip Footer back to content