Back

Include managing mobile risks in the risk management program.


CONTROL ID
13535
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a risk management program., CC ID: 12051

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • An FI offering online financial services access via a mobile device should be aware of the risks unique to mobile applications. Specific measures aimed at addressing the risks of mobile applications should be put in place. Refer to Annex C for guidance on Mobile Application Security. (ยง 14.1.4, Technology Risk Management Guidelines, January 2021)
  • Determine whether management incorporates mobile risks into the overall risk management process. (AppE.7 Objective 5:1, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)