Outsourcing Technology Services

The bank regulatory agencies are getting better - and stricter - at technology examinations. So it is not inappropriate that the agencies have issued guidance on how to manage risk when technology services are outsourced. The procedures discuss the agencies' expectations for financial institutions' treatment of technology vendors, including areas of risk assessment, due diligence, oversight, and basic contract elements. The document closely resembles some issued in preparation for Y2K. This should be no surprise since the lessons learned in that process are directly relevant to managing technology risk generally. FIL-81-2000 is available on FDIC's website, www.fdic.gov.

Copyright © 2001 Compliance Action. Originally appeared in Compliance Action, Vol. 5, No. 16, 1/01