Citation Edit

Office of the Comptroller of the Currency, FFIEC Guidance on Risk Management of Outsourced Technology Services (OCC Advisory Letter 2000–12) (Nov. 28, 2000) (full-text).

Overview Edit

This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the risks associated with outsourcing technology services. Financial institutions should consider the guidance outlined in this statement and the attached appendix in managing arrangements with their technology service providers. While this guidance covers a broad range of issues that financial institutions should address, each financial institution should apply those elements based on the scope and importance of the outsourced services as well as the risk to the institution from the services.

Financial institutions increasingly rely on services provided by other entities to support an array of technology-related functions. While outsourcing to affiliated or nonaffiliated entities can help financial institutions manage costs, obtain necessary expertise, expand customer product offerings, and improve services, it also introduces risks that financial institutions should address. This guidance covers four elements of a risk management process: risk assessment, selection of service providers, contract review, and monitoring of service providers.

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.