Federal Financial Institutions Examination Council
|For Immediate Release||November 28, 2000|
EXAM COUNCIL RELEASES GUIDANCE ON TECHNOLOGY OUTSOURCING
The Federal Financial Institutions Examination Council issued guidance today on financial institutions' management of risk arising from technology services supplied by outside firms.
Today's guidance is intended to assist financial institutions in effectively managing the risks of outsourcing arrangements. Institutions outsource a wide range of technology services that include aggregation, digital certification, security monitoring, information and transaction processing and settlement activities to support banking functions. Outsourcing technology services can help institutions manage cost, improve services and customer support, and obtain additional expertise.
The FFIEC expects the boards of directors and senior management of financial institutions to oversee and manage outsourcing relationships. Financial institutions should institute an outsourcing process that includes:
The guidance encourages managers to consider additional risk-management controls when services involve the use of the Internet. The Internet, with its broad geographic reach, ease of access and anonymity, requires institutions' close attention to maintaining secure systems, detecting intrusions, developing reporting systems, and verifying and authenticating customers.
A copy of the guidance is attached (PDF).