Nov. 1, 2012 – The Federal Financial Institutions Examination Council has issued a revised Supervision of Technology Service Providers booklet that outlines new administrative guidelines regarding the risk management of third-party technology service providers.
The new guidelines were issued concurrently with the booklet Wednesday by the Federal Reserve Board, FDIC, and the Office of the Comptroller of the Currency.
The booklet addresses the agencies’ supervision of third-party servicers that enter into contracts with regulated financial institutions. It also outlines the agencies’ risk-based examination priority ranking program and includes an appendix describing the rating system the agencies use to supervise financial institutions and their technology service providers.
The FFIEC concludes in the booklet that it is a financial institution’s board of directors and management that bears “the ultimate responsibility for ensuring outsourced activities are conducted in a safe and sound manner and in compliance with applicable laws and regulations.”
The process that the agencies must follow to implement the interagency supervisory programs are outlined in the guidelines, including the reporting templates examiners must use throughout the supervisory cycle. The guidelines, which are intended primarily for the agencies’ management and field examiners, will be revised as needed, the FFIEC said.
The FFIEC discusses managing outsourced relationships more fully in the Outsourcing Technology Services booklet. Both booklets are part of the FFIEC's Information Technology Examination Handbook.