WASHINGTON (2/9/15)--An update to the Federal Financial Institutions Examination Council (FFIEC) Information Technology Handbook was issued Friday to FFIEC members.
The update consists of the addition of a new appendix, titled "Strengthening the Resilience of Outsourced Technology Services," and is part of the FFIEC's Business Continuity Planning (BCP) handbook.
The appendix highlights that a financial institution's reliance on third-party service providers does not relieve a financial institution of its responsibility to ensure that outsourced activities are conducted in a safe and sound manner.
According to the FFIEC, "an effective third-party management program should provide the framework for financial institution management to identify, measure, monitor and mitigate the risks associated with outsourcing. Specifically, a financial institution should ensure that its third-party service providers do not negatively affect its ability to appropriately recover IT systems and return critical functions to normal operations in a timely manner."
The BCP booklet contains guidance to assist examiners in evaluating financial institution and service provider risk management processes to ensure the availability of critical financial services during extreme circumstances, such as the blizzard that hit the Northeast several weeks ago.
The FFIEC is comprised of representatives of the the National Credit Union Administration, Federal Reserve, Federal Deposit Insurance Corporation, Office of the Comptroller of the Currency, Consumer Financial Protection Bureau and the State Liaison Committee (SLC). The SLC includes representatives from the National Association of State Credit Union Supervisors, Conference of State Bank Supervisors, and the American Council of State Savings Supervisors.