When Microsoft Stops Supporting Windows XP, Will Your Bank Be At Risk?


The six agencies which make up the Federal Financial Institutions Examination Council (“FFIEC”) have issued a joint statement cautioning financial institutions and their technology service providers regarding Microsoft’s decision to discontinue support for its venerable Windows XP system as of April 8, 2014.

Most institutions have switched to later Windows operating systems; however, some older purpose-built devices (ATM’s or document production platforms, for example) or some personal computers may still use Windows XP in some configuration.

While Windows XP may still function as an operating system after that date, a lack of support will translate into the absence of updated security patches and technical assistance. This in turn can increase compliance, reputation, and operational risks for a financial institution.

Financial institutions that are subject to the Payment Card Industry Data Security Standard should note that use of Windows XP after April 8, 2014 may also affect their overall compliance with that Standard.

Financial institutions and their service providers should consider the FFIEC statement in view of their own IT platforms and their risk management policies as well as other guidance issued by FFIEC over the years. Most approaches will include the familiar steps of performing risk assessments; applying appropriate mitigation for the identified risks; developing an implementation plan; and monitoring risk and its mitigation and reporting the results to management.


Written by:

Published In:

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Tucker Arensberg, P.C. | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.