FFIEC Guidance on Managing Risks Associated With Outsourcing Technology Services
The FDIC, together with the other federal regulators of banks, thrifts and credit unions, issued the attached joint guidance on managing the risk exposure an institution faces when it uses outside firms for technology.
Through the Federal Financial Institutions Examination Council (FFIEC), the regulators issued this guidance on key management issues when outsourcing technology. These issues include risk assessment, service provider selection, contract terms and oversight of outsourcing arrangements.
The guidance is intended to assist financial institutions that are increasingly relying on outside firms for technology-related products and services to support an array of banking functions. Institutions of all sizes are using these products and services, as technology grows more complex and dynamic, creating a greater impetus to outsource.
In addition, the emergence of new startup service companies with limited experience, resources and knowledge of the regulated financial services environment heightens the importance of effective risk-management practices at the financial institution.
Institutions and their customers can achieve benefits through outsourcing of products and services. However, responsibility for managing the risks associated with those products or activities cannot be outsourced. Financial institutions should ensure that an appropriate risk-management process is in place to identify, measure, monitor and control the risks associated with technology-related outsourcing arrangements.
For more information, please contact Thomas J. Tuzinski (202-898-6748) or Robert D. Vilim (202-898-6511) in the FDIC's Division of Supervision.
Distribution: FDIC-Supervised Banks (Commercial and Savings) and Service Providers
NOTE: Paper copies of FDIC financial institution letters may be obtained through the FDIC's Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (800-276-6003 or (703) 562-2200).