The Agencies' IT examination process is based on the concept of ongoing, risk-based supervision. This includes the identification and selection of TSPs warranting interagency supervision and the development of a risk-based supervisory strategy for each of these entities. This approach provides for examination coverage of selected TSPs, including core application processors, electronic funds transfer switches, Internet banking providers, item processors, managed security servicers, and data storage servicers. This list is representative of some types of service providers that may be examined and is not intended to be all-inclusive.
The examinations of TSPs focus on the following underlying risk issues that affect the client financial institutions or the institutions' customers:
- Management of technology. The planning and oversight of technology resources and services, ensuring they support the strategic goals and objectives of the TSP and its serviced financial institutions.
- Integrity of data. The accuracy and reliability of automated information processes and associated management information systems.
- Confidentiality of information. The protection of information from intentional or inadvertent disclosure to unauthorized individuals.
- Availability of services. The resilience of the TSP, including effective disaster recovery, business continuity plans, and adherence to service-level agreements.
- Compliance. TSPs are expected to provide services to client financial institutions to help them comply with applicable laws, rules, regulations, and policies.
- Financial stability. The maintenance of sufficient capital and liquidity to support ongoing operations and the ability to generate profit to ensure future viability. Financial difficulties at the TSP can negatively affect the safe and sound operations of serviced financial institutions through deteriorating quality of service, reliability of service, or adequacy of controls.
Examiner-In-Charge of Site or Activity
Risk-Based-Examination Priority Ranking