Friday, February 24, 2017

FDIC IG Report Finds Deficiencies with TSP Vendor Contracts

An article in Banking Exchange found banks had troubling lapses in their contracts with technology service providers (TSPs).

The article cited the findings of a Federal Deposit Insurance Corporation's Office of the Inspector General (IG) report, which examined a total of 48 contracts between 19 financial institutions and various technology service providers.

The IG report found example after example of lapses in contracts it studied.

For example, contracts with TSPs typically did not address TSPs responsibilities and lacked specific provisions to protect and preserve the rights of financial institutions.

The contracts had limited information and assurance that TSPs (1) could recover and resume critical systems, services, and operations in a timely and effective manner, if disrupted, and (2) appropriate actions would be taken to contain and control incidents and report them in a timely fashion to the appropriate parties.

The IG report noted that 18 of the 19 financial institutions' contracts allowed TSPs to subcontract work. However, 15 financial institutions, which contractually allowed subcontractor use, failed to document subcontractor considerations within their technology service provider risk assessment matrix or due diligence reviews.

These are just a few of the findings of the report.

In response to the IG's findings, the FDIC said it would work with other Federal Financial Institution Examination Council agencies to update guidance on business continuity planning and incident response and that it would continue examinations and off-site monitoring of vendor management.

Credit unions should read this report. It could help them identify and address potential deficiencies in their TSP contracts.

It is likely that these contracts may become a focus of examinations by credit union regulators in the coming year.

Read the Inspector General report.

No comments:

Post a Comment


The content is provided for educational purposes only, with the understanding that neither the authors, contributors, nor the publishers of this site are engaged in rendering legal, accounting or other expert or professional services. If legal or other expert assistance is required, the services of a competent professional should be sought.

Comments appearing in response to articles appearing on this site do not necessarily reflect the views of the ABA. ABA makes no representations regarding the truth or accuracy of commentary or opinions that may be posted in response to the articles that appear on this website.

The inclusion herein of any link to a website, either in the text of an article or in a comment, does not denote any approval, sponsorship, or endorsement by the ABA, and ABA is not responsible for the content or opinions expressed on those linked websites or related commentary. This content is not licensed to third parties sites and is not affiliated with any third party site. Any reference to the author or this content on any third party site on the Internet is not authorized by the ABA.

It is the policy of the American Bankers Association to comply fully with all antitrust laws. Certain discussions should be considered off-limits, including those that contain competitively sensitive data such as price and cost information, or statements that could be construed as reflecting an attempt or desire to control or influence a particular market or markets. Future pricing or other prospective competitive information should never be shared.