Federal Deposit Insurance Corporation
550 17th Street NW, Washington, DC 20429 Division of Supervision
RISK MANAGEMENT OF TECHNOLOGY OUTSOURCING
FIL-81-2000
November 29, 2000
TO: CHIEF EXECUTIVE OFFICER
SUBJECT: FFIEC Guidance on Managing Risks Associated With Outsourcing Technology
Services
The FDIC, together with the other federal regulators of banks, thrifts and credit unions, issued
the attached joint guidance on managing the risk exposure an institution faces when it uses
outside firms for technology.
Through the Federal Financial Institutions Examination Council (FFIEC), the regulators issued
this guidance on key management issues when outsourcing technology. These issues include
risk assessment, service provider selection, contract terms and oversight of outsourcing
arrangements.
The guidance is intended to assist financial institutions that are increasingly relying on outside
firms for technology-related products and services to support an array of banking functions.
Institutions of all sizes are using these products and services, as technology grows more
complex and dynamic, creating a greater impetus to outsource.
In addition, the emergence of new startup service companies with limited experience, resources
and knowledge of the regulated financial services environment heightens the importance of
effective risk-management practices at the financial institution.
Institutions and their customers can achieve benefits through outsourcing of products and
services. However, responsibility for managing the risks associated with those products or
activities cannot be outsourced. Financial institutions should ensure that an appropriate risk-
management process is in place to identify, measure, monitor and control the risks associated
with technology-related outsourcing arrangements.
For more information, please contact Thomas J. Tuzinski (202-898-6748) or Robert D. Vilim
(202-898-6511) in the FDIC's Division of Supervision.
Michael J. Zamorski
Acting Director
Attachment: Risk Management of Outsourced Technology Services HTML or PDF Format (52
Kb - PDF help or hard copy)
Distribution: FDIC-Supervised Banks (Commercial and Savings) and Service Providers
NOTE: Paper copies of FDIC financial institution letters may be obtained through the FDIC's
Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (800-276-
6003 or (703) 562-2200).Inactive
550 17th Street NW, Washington, DC 20429 Division of Supervision
RISK MANAGEMENT OF TECHNOLOGY OUTSOURCING
FIL-81-2000
November 29, 2000
TO: CHIEF EXECUTIVE OFFICER
SUBJECT: FFIEC Guidance on Managing Risks Associated With Outsourcing Technology
Services
The FDIC, together with the other federal regulators of banks, thrifts and credit unions, issued
the attached joint guidance on managing the risk exposure an institution faces when it uses
outside firms for technology.
Through the Federal Financial Institutions Examination Council (FFIEC), the regulators issued
this guidance on key management issues when outsourcing technology. These issues include
risk assessment, service provider selection, contract terms and oversight of outsourcing
arrangements.
The guidance is intended to assist financial institutions that are increasingly relying on outside
firms for technology-related products and services to support an array of banking functions.
Institutions of all sizes are using these products and services, as technology grows more
complex and dynamic, creating a greater impetus to outsource.
In addition, the emergence of new startup service companies with limited experience, resources
and knowledge of the regulated financial services environment heightens the importance of
effective risk-management practices at the financial institution.
Institutions and their customers can achieve benefits through outsourcing of products and
services. However, responsibility for managing the risks associated with those products or
activities cannot be outsourced. Financial institutions should ensure that an appropriate risk-
management process is in place to identify, measure, monitor and control the risks associated
with technology-related outsourcing arrangements.
For more information, please contact Thomas J. Tuzinski (202-898-6748) or Robert D. Vilim
(202-898-6511) in the FDIC's Division of Supervision.
Michael J. Zamorski
Acting Director
Attachment: Risk Management of Outsourced Technology Services HTML or PDF Format (52
Kb - PDF help or hard copy)
Distribution: FDIC-Supervised Banks (Commercial and Savings) and Service Providers
NOTE: Paper copies of FDIC financial institution letters may be obtained through the FDIC's
Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (800-276-
6003 or (703) 562-2200).Inactive