![]() ![]() When services are outsourced, a financial institution's board of directors and senior management are responsible for managing the risks posed by those services as if they were performed within the institution. This integration can impact how financial institutions manage their own processes such as business continuity and incident response. Technology outsourcing relationships frequently integrate the systems and processes of the service provider and financial institution. ![]() Examination Specialist (IT) or (402) 397-0142įDIC Financial Institution Letters (FILs) may be accessed from the FDIC's website at To receive FILs electronically, please visit Paper copies may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E 1002, Arlington, VA 22226 (87 or 70).įinancial institutions often contract with technology service providers for services to the institution and its customers. Donald Saxinger, Chief, IT Supervision, or (202) 898-3864.Notification of Performance of Bank Services.FIL 50-2001, Bank Technology Bulletin on Outsourcing.FIL 19-2016, Technical Assistance Video on Outsourcing Technology Services.FIL 44-2008, Guidance for Managing Third-Party Risk.FFIEC IT Business Continuity Planning Booklet.FFIEC IT Outsourcing Technology Services Booklet.FDIC-Supervised Financial Institutions and their Service Providers.Financial institutions have a responsibility under Section 7 of the Bank Service Company Act to notify their FDIC regional office of contracts or relationships with technology service providers that provide certain services to the institution.When contracts do not adequately address such risks, financial institutions remain responsible for assessing those risks and implementing appropriate mitigating controls.Recent FDIC examination findings noted that some financial institution contracts with technology service providers lack sufficient detail regarding the contract parties' respective rights and responsibilities for business continuity and incident response.Effective contracts are an important risk management tool for overseeing technology service provider risks, including business continuity and incident response.Financial institution boards of directors and senior management are responsible for managing risks related to relationships with technology service providers.Statement of Applicability to Institutions under $1 Billion in Total Assets: This FIL applies to all FDIC-supervised institutions. The attached document describes examiner observations about gaps in financial institutions' contracts with technology service providers that may require financial institutions to take additional steps to manage their own business continuity and incident response. Technology Service Provider Contracts Printable Format: ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |