Managing Outsourcing Relationships
The board and senior management must provide effective oversight of third-party vendors providing e-banking services and support. Effective oversight requires that institutions ensure the following practices are in place:
- Effective due diligence in the selection of new service providers that considers financial condition, experience, expertise, technological compatibility, and customer satisfaction;
- Written contracts with specific provisions protecting the privacy and security of an institution's data, the institution's ownership of the data, the right to audit security and controls, and the ability to monitor the quality of service, limit the institution's potential liability for acts of the service provider, and terminate the contract;
- Appropriate processes to monitor vendor's ongoing performance, service quality, security controls, financial condition, and contract compliance; and
- Monitoring reports and expectations including incidence response and notification.
Due Diligence for Outsourcing Solutions