Financial Institution Letters Guidance on Instant Messaging
July 21, 2004
CHIEF EXECUTIVE OFFICER (also of interest to Chief Information Officer)
Guidance on the Risks Associated With Instant Messaging
The FDIC is providing guidance to financial institutions on the risks associated with publicly available instant messaging and network file-sharing. This guidance includes background information on the risks and how they can be mitigated through an effective management program.
The Federal Deposit Insurance Corporation (FDIC) has prepared the attached guidance to assist financial institutions in protecting themselves against the vulnerabilities of instant messaging (IM) and establishing policies and procedures concerning its usage.
Instant messaging has become a popular communication channel because it facilitates real-time communication from any computer connected to the Internet by either connecting to a Web browser or by downloading free IM software. Newer versions also permit users to share files in addition to messaging. IM technology is used by financial institution employees at the workplace both officially, as approved by senior management, and unofficially, where users access IM directly from the Internet. IM access may expose financial institutions to security, privacy, and legal liability risks. Institutions should assess the risks and the business needs for IM and establish policies to allow, restrict or deny IM usage based on these risk assessments and business needs.
Customer information security guidelines require that periodic risk assessments and status reports be submitted to the board of directors. These periodic assessments and reports should include the institution’s position on IM. Any control weaknesses should be identified and addressed during the normal course of business.
For more information, please contact your FDIC Division of Supervision and Consumer Protection (DSC) Regional Office or Kathryn M. Weatherby, Examination Specialist in DSC, at (202)-898-6793.
Distribution: FDIC-Supervised Banks (Commercial and Savings)
NOTE: Paper copies of FDIC financial institution letters may be obtained through the FDIC’s Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (1-877-275-3342 or (703) 562-2200).