Summary:
The three attached FDIC Technology Outsourcing documents are being re-issued as an informational resource to community banks on how to select service providers, draft contract terms, and oversee multiple service providers when outsourcing for technology products and services. The documents are not examination procedures or official guidance but, rather, informational tools.
Statement of Applicability to Institutions with Less than $1 Billion in Total Assets : This Financial Institution Letter (FIL) applies to all FDIC-supervised institutions.
Highlights:
- The attached three documents, first issued on June 4, 2001, contain practical ideas for banks to consider when they engage in technology outsourcing.
- These documents are intended to assist community bankers by providing information on:
- Effective Practices for Selecting a Service Provider,
- Tools to Manage Technology Providers' Performance Risk: Service Level Agreements, and
- Techniques for Managing Multiple Service Providers.
- The attached documents are for informational purposes only and are not considered to be official examination guidance.
- Examination guidance and additional information on vendor management can be found in the FFIEC IT Examination Handbook, Outsourcing Technology Services . This guidance focuses on four key areas: risk assessment, service provider selection, contract terms, and oversight of outsourcing arrangements.
Suggested Distribution:
- FDIC-Supervised Banks (Commercial and Savings)
Suggested Routing:
- Chief Executive Officer
- Chief Information Security Officer
Paper copies of may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200).
Additional Related Topics:
- FFIEC Handbook on Outsourcing Technology Services (June 2004)
FIL-13-2014