When Microsoft Stops Supporting Windows XP, Will Your Bank Be At Risk?


The six agencies which make up the Federal Financial Institutions Examination Council (“FFIEC”) have issued a joint statement cautioning financial institutions and their technology service providers regarding Microsoft’s decision to discontinue support for its venerable Windows XP system as of April 8, 2014.

Most institutions have switched to later Windows operating systems; however, some older purpose-built devices (ATM’s or document production platforms, for example) or some personal computers may still use Windows XP in some configuration.

While Windows XP may still function as an operating system after that date, a lack of support will translate into the absence of updated security patches and technical assistance. This in turn can increase compliance, reputation, and operational risks for a financial institution.

Financial institutions that are subject to the Payment Card Industry Data Security Standard should note that use of Windows XP after April 8, 2014 may also affect their overall compliance with that Standard.

Financial institutions and their service providers should consider the FFIEC statement in view of their own IT platforms and their risk management policies as well as other guidance issued by FFIEC over the years. Most approaches will include the familiar steps of performing risk assessments; applying appropriate mitigation for the identified risks; developing an implementation plan; and monitoring risk and its mitigation and reporting the results to management.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Tucker Arensberg, P.C. | Attorney Advertising

Written by:


Tucker Arensberg, P.C. on:

JD Supra Readers' Choice 2016 Awards
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.