Multiple Service Provider Relationships

A multiple service provider relationship is an environment where two or more service providers collaborate to deliver an end-to-end solution to the financial institution.

An institution can select from two techniques to manage this relationship, but remains responsible for understanding and monitoring the control environment of all servicers that have access to the financial institution's systems, records, or resources. The first technique involves the use of a lead service provider to manage the institution's various technology providers. The second technique, which may present its own set of implementation challenges, involves the use of operational agreements between each of the service providers or stand-alone contracts. If the first technique is employed, management should ensure its primary service provider has a contractual obligation to notify the financial institution of any concerns (controls / performance) associated with any of its outsourced activities. Management should also ensure the service provider's control environment meets or exceeds the institution's expectations, including the control environment of organizations that the primary service provider utilizes.

Stand-alone contracts with each service provider require increased management of each provider. Contracting for a technology solution by using one lead provider may lessen the need for the institution to become directly involved if subcontractors fail to perform, but it does not diminish the responsibility for monitoring the internal and security controls of subcontractors through the primary service provider relationship. Because the institution has less control using the lead provider approach, management should require by contract that TSPs notify the institution of all subcontractor relationships.

 

Previous Section
Information Security/Safeguarding
Next Section
Outsourcing to Foreign Service Providers