Board of Governors of the Federal Reserve System, Div. of Banking Supervision and Regulation, Guidance on the Risk Management of Outsourced Technology Services (Supervisory Letter SR 00-17) (Nov. 30, 2001) (full-text).
This interagency guidance focuses on the risk management process of identifying, measuring, monitoring, and controlling the risks associated with outsourcing technology services. While outsourcing can improve banking services, help control costs, and provide the technical assistance needed to maintain and expand product offerings, it also introduces additional risks that need to be addressed. The guidance includes four key elements to address those risks: risk assessment, service provider selection, contract provisions and review, and ongoing service provider monitoring. The guidance also includes an appendix that provides examples of considerations that may be relevant in the areas of due diligence in selecting a service provider, contracting issues, and ongoing service provider monitoring.