Risk Management of Technology Outsourcing
On November 28, 2000, the Federal Financial Institutions Examination Council issued a statement applicable to all insured banks and federal credit unions entitled "Risk Management of Outsourced Technology Services".
The statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the risks associated with outsourcing technology services.
Technology services include core processing; information and transaction processing and settlement activities that support banking functions such as lending, deposit-taking, funds transfer, fiduciary, or trading activities; Internet-related services; security monitoring; systems development and maintenance; aggregation services; digital certification services; and call centers.
The statement, called a "guidance", covers four elements of a risk management process: risk assessment, selection of service providers, contract review, and monitoring of service providers.
The statement emphasizes the role and responsibilities of the Board of Directors in several places.
For example, the statement provides that the Board and senior management are responsible for understanding the risks associated with outsourcing arrangements for technology services and ensuring that effective risk management practices are in place. It also states that as part of this responsibility, the Board and management should assess how the outsourcing arrangement will support the institution's objectives and strategic plans and how the service provider's relationship will be managed.
A copy of the entire FFIEC Guidance is available from several sources. See, for example, FIL-81-2000, November 29, 2000 (FDIC, Division of Supervision); http://www.fdic.gov/publications/publications/financial/2000/fil0081.html.
© 2008 by American Association of Bank Directors. All rights reserved.