Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official. 
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
Https
The site is secure. 
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Guidance on Instant Messaging

TO: CHIEF EXECUTIVE OFFICER (also of interest to Chief Information Officer) 
SUBJECT: Guidance on the Risks Associated With Instant Messaging 
Summary: The FDIC is providing guidance to financial institutions on the risks associated with publicly available instant messaging and network file-sharing. This guidance includes background information on the risks and how they can be mitigated through an effective management program. 

The Federal Deposit Insurance Corporation (FDIC) has prepared the attached guidance to assist financial institutions in protecting themselves against the vulnerabilities of instant messaging (IM) and establishing policies and procedures concerning its usage.

Instant messaging has become a popular communication channel because it facilitates real-time communication from any computer connected to the Internet by either connecting to a Web browser or by downloading free IM software. Newer versions also permit users to share files in addition to messaging. IM technology is used by financial institution employees at the workplace both officially, as approved by senior management, and unofficially, where users access IM directly from the Internet. IM access may expose financial institutions to security, privacy, and legal liability risks. Institutions should assess the risks and the business needs for IM and establish policies to allow, restrict or deny IM usage based on these risk assessments and business needs.

Customer information security guidelines require that periodic risk assessments and status reports be submitted to the board of directors. These periodic assessments and reports should include the institution’s position on IM. Any control weaknesses should be identified and addressed during the normal course of business.

For more information, please contact your FDIC Division of Supervision and Consumer Protection (DSC) Regional Office or Kathryn M. Weatherby, Examination Specialist in DSC, at (202)-898-6793.

For your reference, FDIC Financial Institution Letters may be accessed from the FDIC’s Web site at http://www.fdic.gov/news/financial-institution-letters/2004/index.html.

Michael J. Zamorski

Director

Division of Supervision and Consumer Protection

Distribution

FDIC-Supervised Banks (Commercial and Savings)

Note

Paper copies of FDIC financial institution letters may be obtained through the FDIC’s Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (1-877-275-3342 or (703) 562-2200).

Attachment(s)

Last Updated: July 21, 2004