NCUA Releases FDIC Supervisory Letter Critical of FIS

The Credit Union Times indicates that the NCUA has released a FDIC Supervisory Letter that is critical of FIS:

The NCUA has asked credit unions which process their debit and credit card transactions with FIS to evaluate their relationship with the card processor in light of an information technology supervisory letter the company has received from the FDIC.

FIS processes credit and debit card transactions for the majority of card-issuing credit unions and has roughly 5,400 client credit unions.

The NCUA letter included a copy of the FDIC supervisory letter. An inter-agency team from the bank insurer, the Federal Reserve Bank of Atlanta and the Office of the Comptroller of the Currency conducted an interim supervisory review of FIS, which has both bank and credit union clients, on Oct. 17.

Here is the complete article that includes this response from FIS:

On Dec. 16, 2011, the Federal Financial Institution Examination Council Agencies issued FIS an Interim Review report noting eight matters requiring attention involving enhancing FIS’ information security functions, the company wrote in its statement.

FIS immediately discussed the MRAs with the FFIEC, developed mutually agreed upon detailed action plans with target completion dates to address the MRAs, and is firmly committed to resolving these issues. On Feb. 28, 2012, the FDIC issued FIS a letter noting these same MRAs as well as FIS’ detailed commitments to resolve all the MRAs.

‘ FIS’ Executive Management team and Board of Directors have been actively engaged in the company’s information security functions before, during and after the Sunrise event and fully support the company’s actions in this area,’ the Jacksonville, Fla.-based card processor added.