Federal Financial Institutions Examination Council
|For Immediate Release||October 31, 2012|
Financial Regulators Release Guidance for the Supervision of Technology Service Providers
The Federal Financial Institutions Examination Council (FFIEC) today issued a revised Supervision of Technology Service Providers booklet (TSP Booklet), which is part of the FFIEC Information Technology Examination Handbook (IT Handbook). Concurrently, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency (collectively, the agencies) issued new Administrative Guidelines for the Implementation of the Interagency Program for the Supervision of Technology Service Providers (Guidelines).
The TSP Booklet contains guidance for examiners and financial institutions on the supervision of technology service providers. It addresses the agenciesí statutory authority to supervise third-party servicers that enter into contractual arrangements with regulated financial institutions. Additionally, the TSP Booklet outlines the agenciesí Risk Based - Examination Priority Ranking Program and includes an appendix describing the Uniform Rating System for Information Technology (URSIT), which the agencies use for financial institutions and their technology service providers.
The TSP Booklet stresses that a financial institutionís board of directors and management has the ultimate responsibility for ensuring outsourced activities are conducted in a safe and sound manner and in compliance with applicable laws and regulations. Managing outsourced relationships is also discussed in depth in the Outsourcing Technology Services booklet, which is also part of the IT Handbook.
Although closely related to the TSP Booklet, the Guidelines are not part of the IT Handbook. The Guidelines describe the process that the agencies follow to implement the interagency supervisory programs and include the reporting templates examiners use throughout the supervisory cycle. The primary audience for these Guidelines is the agenciesí management and field examiners. The agencies will make revisions or additions to the Guidelines as needed. The Guidelines are available online at http://ithandbook.ffiec.gov/reference-materials.aspx.
The IT Handbook is a collaborative effort of the Information Technology Subcommittee of the FFIECís Task Force on Supervision. The Information Technology Subcommittee promotes uniform and effective information on technology-related policies, and supervisory programs for financial institutions and their service providers. The IT Handbook is available online at http://ithandbook.ffiec.gov/.
The FFIEC was established in March 1979 to prescribe uniform principles, standards, and report forms, and to promote uniformity in the supervision of financial institutions. The Council has six voting members: a Governor of the Board of Governors of the Federal Reserve System, designated by the Chairman of the Board; the Chairman of the Federal Deposit Insurance Corporation; the Chairman of the Board of the National Credit Union Administration; the Comptroller of the Currency; the Director of the Consumer Financial Protection Bureau; and the Chairman of the State Liaison Committee. The Council's activities are supported by interagency task forces and by an advisory State Liaison Committee, comprised of five representatives of state agencies that supervise financial institutions.