Information Security & Business Continuity
Information Security & Internal Controls
FHLB Des Moines believes a comprehensive Information Security Program is essential to the Bank’s safety and soundness and has taken a multifaceted approach to security that includes preventive, detective and recovery controls. These controls include internal and independent third-party testing and assessments of internal controls multiple times throughout the year to identify gaps and strengthen existing controls to safeguard the confidentiality, integrity and availability of all Bank assets. The results of these tests and assessments are regularly communicated to Bank management, the board and Bank regulators. FHLB Des Moines has policies and procedures in place to:
Maintain the security and confidentiality of non-public personal consumer information;
Protect against anticipated threats or hazards to the security and integrity of such information; and
Protect against unauthorized access to or use of such information.
Disaster Recovery & Business Continuity
FHLB Des Moines believes planning for disaster recovery and business continuity is essential to the Bank’s safety and soundness. FHLB Des Moines has an alternate “hot” site from which it can operate in the event of a disaster or business interruption that renders its headquarters wholly or partly inaccessible or unusable. Recovery processes are tested every year and internal processes are updated as needed to reflect any changes in the FHLB Des Moines business environment. In addition, FHLB Des Moines has agreements with other FHLBanks to provide wire transfer services and overnight advances if the Bank is unable to perform these transactions for its members. In case of a disaster, members will be contacted as soon as possible regarding any changes.
Service Organization Control Reports
Service Organization Control (SOC) reports are internal control reports on the services provided by a service organization. The provisions of auditing standard AU 324, Service Organizations, are not intended to apply to situations in which the services provided are limited to executing client organization transactions that are specifically authorized by the client (Section 324.03). Since the services provided by FHLB Des Moines are executed based upon authorizations from our customers, FHLB Des Moines does not fall under the definition of a service provider in this instance. As such, a SOC report in accordance with Statements on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization, is not prepared for services provided by FHLB Des Moines. Please note, however, that, as discussed in more detail above, FHLB Des Moines has established and maintains an effective internal control system that addresses the efficiency and effectiveness of the Bank’s activities, the safeguarding of its assets and the reliability, completeness and timely reporting of financial and management information to the board and outside parties.